Invalid certificate in Outlook (email client)

  • I am in the process of installing my new server and encountered a problem.
    Don't know if this is Imscp related or maybe I am doing something wrong.


    Installed Debian Jessie fresh
    installed Imscp 1.3.0
    installed letsencrypt
    installed Dkim
    installed php switcher


    added 3 websites
    all 3 websites enabled the letsencrypt
    HTTPS works perfectly without any problem; I checked the green lock, and the certs are all OK and belong to the domains.
    Here you can see the domains with certs Nr1 Nr2 Nr3


    Now here comes the problem:
    On all 3 domains I added email accounts info@.
    Now in Outlook I create the mail accounts for the domains.
    During this process I get the error: certificate is not for this domain, do you want to continue


    So this means:
    domain Nr1 info@email takes certificate Nr1 from domain Nr1
    domain Nr2 info@email takes certificate Nr1 from domain Nr1
    domain Nr3 info@email takes certificate Nr1 from domain Nr1


    Shoot me <X either I am doing something wrong
    or there is a serious problem :-/ they all use the certificate from domain A.
    Please advise in this matter.
    If needed, the server is at your disposal with root access.

    wt nx mr lr snl

  • This is not a problem related to letsencrypt nor the webserver. Outlook uses the certificate used by the postfix service for the FQDN (e.g. srv01.domain.tld). Normally it's /etc/imscp/imscp_services.pem.
    You can change this certificate by running the following command:
    perl imscp-autoinstall -dr services_ssl


    BTW:
    You need to select manual mode; for the IMAP/POP3/SMTP server you need to type your FQDN, not the domain's name. The domain name will only work if the certificate is also valid for that domain.


    PS: Let's Encrypt is currently not working for imscp panel + services. This feature is planned for imscp 1.4.x.

  • @check


    As stated by @Ninos, the SSL certificate used for mail services (SMTP, POP/IMAP) has nothing to do with the SSL certificates used by your domains, those that are generated through the LetsEncrypt plugin. The mail services use a shared SSL certificate which is set up during i-MSCP installation. @Ninos gave you the command which allows you to reconfigure that SSL certificate.


    Anyway, you must understand that it is not possible to set up different SSL certificates for the mail services without assigning a different IP to each of your customers. For instance with Postfix, such a setup can be achieved by configuring many smtpd instances. i-MSCP doesn't provide such a setup.


    See https://lxadm.com/Postfix_and_multiple_SSL_certificates to understand what I mean.


  • OK, done that, but still the same problem.
    This process is also asked when installing imscp.


    Could this be caused by the fact that my FQDN is not ready yet?
    The request for a PTR was made and should be ready tomorrow.


    The server is already installed with that FQDN address.

    wt nx mr lr snl

  • Is the added certificate signed for your FQDN? Also, have you now added your FQDN as the IMAP/POP3/SMTP server in Outlook?

  • Nope, the FQDN is not ready yet so that will not work. I use the domain name; I always did on my other servers also.


    But I don't understand why postfix is taking the certs from another site.


    In the main.cf is
    smtpd_tls_cert_file = /etc/imscp/imscp_services.pem
    smtpd_tls_key_file = /etc/imscp/imscp_services.pem


    So it should be using those files?

    wt nx mr lr snl

  • As I said before, postfix has nothing to do with the webserver and so with letsencrypt. Postfix is using the certificate you added in the imscp-autoinstall with param -dr services_ssl.

  • OK, so who is using what? Postfix? imscp? letsencrypt? My neighbour? Outlook?
    It does not matter.
    The fact is, when I add an email account it starts with the error that it is using the wrong certificate.


    I did not add anything with that command line you gave me. Should I?
    My FQDN is not yet ready, hopefully tomorrow.


    So how can I resolve this?
    Wait for the FQDN to be ready and install everything anew?
    Edit some files maybe?


    Or is it just me that is imagining things and the error that comes up is a mirage?

    wt nx mr lr snl

  • When you installed or updated i-MSCP, you chose the Let's Encrypt certificate for your webserver (something like admin.webserver.example). As Postfix also provides this certificate when somebody tries to connect via TLS, it is essential that you configure your client software (Outlook) to connect to your server via the correct FQDN (admin.webserver.example) or you'll get wrong certificate errors.

  • Again, Let's Encrypt is only creating a cert for apache2, not postfix. If you want to have a valid cert you need to add a valid cert with the command provided above.
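
The check a mail client performs in this thread, as an added example that is not part of the original posts or of i-MSCP: it compares each server name typed into the client against the DNS names in the shared mail-services certificate. The sample certificate, the name domain-nr2.example and port 587 are assumptions made for illustration.

```python
import smtplib
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# a shared mail-services certificate issued only for the server FQDN.
SAMPLE_SERVICES_CERT = {
    "subject": ((("commonName", "srv01.domain.tld"),),),
    "subjectAltName": (("DNS", "srv01.domain.tld"),),
}

def cert_dns_names(cert):
    """DNS names a client may match: SAN dNSName entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as '*.tld'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_client_settings(cert, server_names):
    """Map each server name configured in the mail client to True/False."""
    names = cert_dns_names(cert)
    return {s: any(name_matches(n, s) for n in names) for s in server_names}

def fetch_smtp_cert(host, port=587):
    """Fetch the certificate presented after STARTTLS (needs network access)."""
    # The chain is still verified; only the name check is left to the code above.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()

if __name__ == "__main__":
    # Constructed client settings: the server FQDN and one customer domain.
    configured = ["srv01.domain.tld", "domain-nr2.example"]
    for name, ok in check_client_settings(SAMPLE_SERVICES_CERT, configured).items():
        print(f"{name:22} {'ok' if ok else 'certificate name mismatch'}")
```

On a live server, pass the result of `fetch_smtp_cert()` to `check_client_settings()` in place of the sample to see which names the presented certificate covers.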