Forums

×

Warning

JUser: :_load: Unable to load user with ID: 348081
JUser: :_load: Unable to load user with ID: 348281
James Lees
James Lees
Offline
Resolved
0 votes
Hallo Community,
I am testing ClearOS 7 Community Edition in a closed network without internet connection as an e-mail server. It works fine as long as the clients are in the same subnet. Clients from other subnets can not connect the clearOS, they even can not ping it. But all other machines in my various subnets can interact with every other machine in my subnets. Only the clearOS doesn't talk to machines from other subnets. Does anybody have an idea what I did wrong with the clearOS?

Thanks
James
Monday, January 02 2023, 06:28 PM
Share this post:
Responses (11)
  • Accepted Answer

    Tuesday, October 10 2023, 10:45 AM - #Permalink
    Resolved
    0 votes
    Your discussion is a delight to follow. As requested many years ago, the problem has been resolved without the former team members. Thank you for not contributing to a negative dread of uncertainty.
    geometry dash lite
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, January 22 2023, 09:15 AM - #Permalink
    Resolved
    0 votes
    Certificates will always expire and it is not right to say someone left a timebomb just because a certificate expires. Any company worth its salt should have a certificate process where all certificates are documented with the provider, when they expire, where they are deployed and what services are using them. Then they can track them, especially when employees move on. In this case a Lets Encrypt certificate expired on many servers. This is because, although it renewed OK, the deployment mechanism was broken by Clearcenter well after the employee left. The statement made by Michael looks very it libellous. and as Nick Howitt requested, should be withdrawn. I would go a stage further and say a public apology should be issued.

    This resulted in limited transition outage as moved SSL providers/process.

    This is an out and out lie. The certificate provider still is Let's Encrypt. Anyone can see it by clicking on the padlock icon on their browser or with something like:
    echo -n | openssl s_client -connect www.clearos.com:443 -verify 5 | openssl x509 -text -noout
    verify depth is 5
    depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = R3
    verify return:1
    depth=0 CN = clearos.com
    verify return:1
    DONE
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
    03:43:66:fd:83:2a:f6:e0:0f:8f:50:58:a1:f5:76:ac:69:93
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, O=Let's Encrypt, CN=R3
    Validity
    Not Before: Nov 29 08:06:32 2022 GMT
    Not After : Feb 27 08:06:31 2023 GMT
    Subject: CN=clearos.com
    <snip>
    X509v3 Subject Alternative Name:
    DNS:*.clearcenter.com, DNS:*.clearfoundation.com, DNS:*.clearos.com, DNS:*.clearos.org, DNS:*.clearshare.network, DNS:*.clearvm.com, DNS:*.witsbits.com, DNS:clearcenter.com, DNS:clearfoundation.com, DNS:clearos.com, DNS:clearos.org, DNS:clearshare.network, DNS:clearvm.com, DNS:witsbits.com
    <snip>
    CT Precertificate SCTs:
    Signed Certificate Timestamp:
    Version : v1(0)
    Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
    5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
    Timestamp : Nov 29 09:06:32.253 2022 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
    30:46:02:21:00:86:94:10:82:8F:21:50:F3:6A:8D:44:
    E2:9D:CC:41:68:91:9D:83:88:97:1A:28:BE:E1:B2:74:
    63:8B:F9:7D:D7:02:21:00:D5:89:72:0A:00:99:EB:3C:
    A3:95:11:23:E5:36:AE:52:D8:1F:B5:AA:C2:A8:54:7C:
    E0:E8:1B:E1:0D:D5:A2:50
    Signed Certificate Timestamp:
    Version : v1(0)
    Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
    03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
    Timestamp : Nov 29 09:06:32.257 2022 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
    30:45:02:20:07:B3:E9:F8:FE:FC:95:8B:76:E6:D0:28:
    58:AF:3D:33:6D:25:D5:F2:94:59:37:78:3F:8F:E4:E9:
    31:51:B9:84:02:21:00:FC:C6:55:00:33:0C:CD:28:A2:
    DB:B5:6D:3D:8A:31:BF:77:57:93:FB:E8:20:F1:05:8F:
    57:92:91:83:1E:76:B9
    <snip>
    So it is a let's Encrypt certificate. It was issued on 29th Nov, exactly 30 days before the previous certificate expired on all the sites. This tells me that the renewal process worked but the distribution process didn't. The distribution process was re-enabled later and the certificates then went out to all the servers as they should have done on the 29th Nov, before Clearcenter messed up on their AWS payments. Let's Encrypt certificates have been used for over 3 years since Dave Loper started using them. There has been no change of provider. Why is there need for such a barefaced lie?

    Why have you then banned Nick Howitt for defending his name against the lies and libel?

    And then you ban Georgina for saying ClearOS has not had any security updates since last summer and should now be considered an insecure operating system? It is a true statement.

    And then forum posts and threads are going messing. There was a whole thread about ClearOS Alternatives which has magically been deleted. Why is the forum now being censored?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, January 05 2023, 01:49 PM - #Permalink
    Resolved
    0 votes
    So if the repos are still available, why do I consistently get the following results when trying to update?
    [root@server ~]# yum clean all
    Loaded plugins: clearcenter-marketplace, fastestmirror
    ClearCenter Marketplace: fetching repositories...
    ClearCenter Marketplace: <urlopen error [Errno -2] Name or service not known>
    Cleaning repos: clearos clearos-centos clearos-centos-fasttrack
    : clearos-centos-updates clearos-centosplus clearos-contribs
    : clearos-epel clearos-fast-updates clearos-infra clearos-updates
    Cleaning up list of fastest mirrors
    Other repos take up 1.9 G of disk space (use --verbose for details)
    [root@server ~]# yum upgrade
    Loaded plugins: clearcenter-marketplace, fastestmirror
    ClearCenter Marketplace: fetching repositories...
    ClearCenter Marketplace: <urlopen error [Errno -2] Name or service not known>
    Determining fastest mirrors
    Could not retrieve mirrorlist http://mirrorlist.clearos.com/clearos/mirrorlist/clearos-current-os-7 error was
    14: curl#6 - "Could not resolve host: mirrorlist.clearos.com; Unknown error"


    One of the configured repositories failed (Unknown),
    and yum doesn't have enough cached data to continue. At this point the only
    safe thing yum can do is fail. There are a few ways to work "fix" this:

    1. Contact the upstream for the repository and get them to fix the problem.

    2. Reconfigure the baseurl/etc. for the repository, to point to a working
    upstream. This is most often useful if you are using a newer
    distribution release than is supported by the repository (and the
    packages for the previous distribution release still work).

    3. Run the command with the repository temporarily disabled
    yum --disablerepo=<repoid> ...

    4. Disable the repository permanently, so yum won't use it by default. Yum
    will then just ignore the repository until you permanently enable it
    again or use --enablerepo for temporary usage:

    yum-config-manager --disable <repoid>
    or
    subscription-manager repos --disable=<repoid>

    5. Configure the failing repository to be skipped, if it is unavailable.
    Note that yum will try to contact the repo. when it runs most commands,
    so will have to try and fail each time (and thus. yum will be be much
    slower). If it is a very temporary problem though, this is often a nice
    compromise:

    yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

    Cannot find a valid baseurl for repo: clearos/7
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, January 04 2023, 12:50 PM - #Permalink
    Resolved
    0 votes
    great
    The reply is currently minimized Show
  • Accepted Answer

    Georgina
    Georgina
    Offline
    Tuesday, January 03 2023, 10:06 PM - #Permalink
    Resolved
    0 votes
    @Michael said

    The repositories are not down

    Whilst that is true, they are **NOT** being updated and ClearOS 7 is now way out of date. I have a CentOS 7 system so I can see the updates CentOS are releasing regularly. NONE of them are being applied to ClearOS repositories. As CentOS 7 is now in maintenance mode they are are all security updates. Running ClearOS is now a security risk, period. Not being negative - just pointing the actual situation. Would be good if Michael could just acknowledge that fact.
    • Michael Proper
      more than a month ago
      Acknowledge and agreed on most levels. :)
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, January 03 2023, 07:31 PM - #Permalink
    Resolved
    0 votes
    Hi Dirk, Thank you for caring and for your follow-up. Please know we work hard to add value to humanity with both ClearOS Server, ClearOS Mobile, and now the new Digital World www.digitalworld.earth (watch for a large announcement here) which combines them both. Know that if there are issues we will get them figured out even during confusing times and against huge obstacles. Thank you for the decades of loyalty and trust. Appreciate the opportunity to work with and for the paid ClearOS Server members.

    Dirk Albring wrote:

    Michael, I meant no ill will. I wasn't talking trash. The Community thread I shared has a lot of comments in it that point to an EOL, plus there have been no updates of any kind for a long time, apart from an occasional definitions update for anti-malware. I have been using your stuff since the Clark Connect days and honestly think very highly of ClearOS. I have been an active contributor (albeit more so when Nick wasn't covering stuff) in the forum for years. I have been looking into other distros based on what I've just stated, but I hate having to because I'm so used to ClearOS and it's great performance over the years. I was surprised by your response. I'm actually glad you responded and boosted my confidence a little that it's not EOL. I'm sorry you felt like you had to jump down my throat. I don't feel like my comment deserved it, especially since I tried to update this morning and failed on every ClearOS repo.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, January 03 2023, 06:44 PM - #Permalink
    Resolved
    0 votes
    Michael, I meant no ill will. I wasn't talking trash. The Community thread I shared has a lot of comments in it that point to an EOL, plus there have been no updates of any kind for a long time, apart from an occasional definitions update for anti-malware. I have been using your stuff since the Clark Connect days and honestly think very highly of ClearOS. I have been an active contributor (albeit more so when Nick wasn't covering stuff) in the forum for years. I have been looking into other distros based on what I've just stated, but I hate having to because I'm so used to ClearOS and it's great performance over the years. I was surprised by your response. I'm actually glad you responded and boosted my confidence a little that it's not EOL. I'm sorry you felt like you had to jump down my throat. I don't feel like my comment deserved it, especially since I tried to update this morning and failed on every ClearOS repo.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    James Lees
    James Lees
    Offline
    Tuesday, January 03 2023, 06:36 PM - #Permalink
    Resolved
    0 votes
    Thank you all for answering,

    I really enjoy following your discussion ;-), but why has this thread been set to resolved? Is there a link following, which tells the answer of my question?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, January 03 2023, 06:14 PM - #Permalink
    Resolved
    0 votes
    Sorry, but that is complete misinformation. I automated the Let's Encrypt SSL certificates and they work fine. I was then asked to use a multi-year commercial certificate on the servers, but I pointed out that they were no longer available from reputable suppliers as current standards say that SSL certificates must be renewed annually. I was not believed for a while until Michael finally looked it up and realised what he was asking for was not possible and the subject was dropped. There was no subsequent request to move the SSL Cert process anywhere else or change the process in any other way.

    There was no time bomb placed in the SSL Cert process. It is just that Clearcenter have not a clue on what runs on their servers. When AWS shut down the Clearcenter servers for non-payment in October, they paid the bill and then selectively restarted various servers. This is when all the DDNS and Domain system also failed. They also decided not to restart another of the servers which, among other things, looks after the certificate renewal. I don't think they have any idea of the other services provided by that server.

    @Michael, I request that you retract your post.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, January 03 2023, 05:37 PM - #Permalink
    Resolved
    0 votes
    Dirk, Sad to see your negative response and misinformation. The repositories are not down, that said you are correct a certain prior team member did put a timebomb in the SSL Cert process even after we asked for the SSL Certs to be managed a different way but needed to trust folks to make decisions and act in good faith. This resulted in limited transition outage as moved SSL providers/process. The prior team members are no longer with us and the issue has been solved as was requested many years ago. Thank you for not creating negative fear of uncertainties. It would be nice to see the ClearOS Server Community help folks like James vs continuing to milk the ClearCARE Support team or talk trash like this.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, January 03 2023, 01:48 PM - #Permalink
    Resolved
    0 votes
    You might want to read this before you go much further. The repositories are even down now, but they hadn't been updated in months anyway. It's too bad. COS was such a great distro.
    The reply is currently minimized Show
Your Reply