Problem with ssl ce...
 
Notifications
Clear all

Problem with ssl certificate on SMTP

5 Posts
4 Users
1 Reactions
1,011 Views
(@georgemr)
Joined: 10 months ago
Posts: 1
Topic starter  

Hi, I can deploy successfully the let's encrypt ssl, and on the browser, everything looks good.

What I do is:

I have email.domain.net

So I create a domain on the admin UI: domain.net

And then create a virtual host for the subdomain: email.domain.net.

I got the certificate validated on the browser and says it's valid.

Now when I add one account for example on the gmail app or mailbird via smtp port 993 and 587, I get that the certificate is not valid.

What I'm missing? Or do I need to create the certificate on the terminal like Zimbra used to?


   
Quote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@georgemr

Hi,

Could you please try this method and let us know your feedback?

Article on How to Deploy Let's Encrypt SSL Using CLI in Carbonio CE

Meanwhile, I will test something myself which could take some time.

I hope you would understand.

Regards,

Sharif


   
ReplyQuote
 Klug
(@klug)
Joined: 13 years ago
Posts: 65
 

I guess you're connecting to email.domain.tld with SMTP.

And I think the problem with LetsEncrypt method is that it only manages the certificates that goes in the reverse-proxy (nginx, for https, imaps and pop3s), not the certificate for the MTA (postfix).

Postfix doesn't know how to handle several certificate, you can only have one.
Right now, I guess (but could be wrong) that the certificate in postfix is "server.domain.tld" (the server name when you setup Carbonio), it's the self-signed certificate created during the setup.

 


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

@klug you're mostly right.... but we can replace that self-signed certificate by a valid let's encrypt one.

I wrote an article explaining that and how to do it:

https://www.anahuac.eu/lets-encrypt-on-carbonio-system-root-with-acme-sh/

Hope it helps


   
ReplyQuote
 Klug
(@klug)
Joined: 13 years ago
Posts: 65
 

Yes you can, obviously.
But not with the "integrated in WebAdmin of Carbonio" method.


   
anahuac reacted
ReplyQuote