Mail Client und Zertifikate

  • Alles auf dem neuesten Stand. Debian 8.x i-mscp 1.3.7 LetsEncrypt 1.3.0


    Jedes mal wenn ich eine neue LetsEncrypt Version installiere, rufen mich meine Kunden an und beschweren sich über die Fehlermeldung betreffend Zertifikatsfehler beim Versenden von Emails. Ich habe da einfach ein Wissenmanko. Ist das normal oder kann oder sollte das nicht so sein??


    Bei ca 120 Mailkonten und 40 Domains ist da schon etwas mühsam.

    I-MSCP 1.5.3 - Debian 9 Stretch

  • Good evening,


    First please, read LetsEncrypt plugin v1.3.0 RELEASED
    There are many bugs in LetsEncrypt versions 1.2.0 and 1.3.0 which will be fixed in next version 1.4.0.


    For your problem, try to clarify a bit.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Ok will try



    Every time I install a new LetsEncrypt version, my customers call me and complain about the error message regarding certificate errors when sending emails. I have a simple knowledge. Is this normal or can or should not be?


    See Attachement.


  • Could you please post what happens when you click on "Ansehen..." ?

  • I have Thunderbird too, and checked a couple of things:
    - 1. I can't see in my "Certification Authority" list (in Thunderbird options), something regarding LetsEncrypt. So as far as the CA isn't validated by your mail client, the generated certificates aren't also recognized/validated.
    - 2. You use the name domain.tld in order to connect. As far as i know the only method to achieve that is by issuing a wildcard certificate. LetsEncrypt does not support wildcards. try with servername.domain.tld instead...


    I'm not 100% sure about what I write, if it's the case please correct my words.
    Bye Kess.

  • @web4you


    In your mail client, you entered: web4you-gmbh.ch while the certificate has been issued for web4you-server-02.web4you-gmbh.ch which is your server hostname.


    Please, try with web4you-server-02.web4you-gmbh.ch in your mail client and ensure that the cert is correct by executing the following command:

    Shell-Script
    1. openssl x509 -noout -text -in /etc/imscp/imscp_services.pem | grep 'Subject: CN='

    And yes, LetsEncrypt plugin v1.4.0 will comes very soon. Sorry for the delay.


    BTW: In your mail client, you shoudn't set SSL using port 465. You should use TLS instead.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Tnx for helping. With web4you-server-02.web4you-gmbh.ch as server in my Clients it works and never asked me to accept the cert. BUT - whats about my customers? Do they have all to use the same entry as incomming and outgoing server? I like to have the customers domain name like imap.<customer.domain> and smtp.<customer.domain>. Will this also work with the next LetsEncrypt version?

    I-MSCP 1.5.3 - Debian 9 Stretch