Wrong lets encrypt ...
Clear all

Wrong lets encrypt certificate exposed for a virtualhost

2 Posts
2 Users
Joined: 2 months ago
Posts: 2
Topic starter  

Hi All,

I'm coming from Zimbra OSE V8.8.15 and want to migrate to Carbonio CE.

So I deployed a V24.1.0, installed a first domain, got the certificate for it from lets encrypt using the GUI. All looks fine so far.

Now adding a second email domain, I created a virtualhost and get a new let's encrypt domain for that new domain.

Restarting the proxy, all looks good on the web UI presenting the proper certificate. The original domain and as alternate name the second domain.

Now If I configure (IMAPS) the 2nd domain to my Iphone, I get an alert that the certificate does not match.

Looking at the certificate itself, it indeed shows only the original domain and not the alternate 2nd domain.

Would really appreciate your feedback on that.

Many thanks.



Joined: 10 months ago
Posts: 304

You got it right. Carbonio doesn't do SNI for IMAP/POP/SMTP protocols, meaning only the main domain can be used without getting certificates alerts on the e-mail clients trying to connect.

The only possible solution is to issue a single "root certificate" for both domains.

I explain more about this issue here: https://www.anahuac.eu/lets-encrypt-on-carbonio-system-root-with-acme-sh/

Telegram: @CarbonioMail

manu67a reacted