E-Mail with purchased SSL Certificate

LauwereysM (Verified User, joined Sep 18, 2017, 12 messages)
Hello,

For a few days now I've been trying many different ways to get e-mail to work through a secure SSL connection. I've tried Let's Encrypt as well as a certificate I purchased today, but it still doesn't want to detect it, I guess. Or maybe my DNS isn't set up correctly?

These are my latest steps:

1) A clean install of my VPS (installed DA update, no CustomBuild plugin)

2) Added the website (poisonmichael.com)
"Secure SSL" is enabled for that domain.
And "Use a symbolic link from private_html to public_html - allows for same data in http and https" as well

3) I've set the nameservers from my host to ns1.poisonmichael.com and also for ns2.

4) The nameservers are added in Administrator Settings.

5) Server name: server.poisonmichael.com (Reverse DNS same)

6) Created a new email for that domain: [email protected]

7) In the SSL Certificates section I've added the CA bundle (3 parts) in the "Click Here to paste a CA Root Certificate" box and selected "Use a CA Cert.".

8) In the "Paste a pre-generated certificate and key" I've pasted both my private key and the certificate.

9) When I try to visit https://www.poisonmichael.com it works without a problem. And when checking the certificate with https://www.digicert.com/help/ it seems it's ok?

10) When I now try (with Thunderbird) to connect to my account, it detects by default:
IN: IMAP, mail.poisonmichael.com, STARTTLS
OUT: SMTP, mail.poisonmichael.com, no encryption

11) If I try to manually change these settings to use:
IN: 993, SSL/TLS
OUT: 465, SSL/TLS
It tells me it can't find any e-mail settings.

Troubleshooting
So I've come across a lot of posts, but nothing really helped.

Adapted the following files with the purchased certificate, and restarted the server:
/etc/exim.cert
/etc/exim.key

/etc/exim.conf
Default settings (I've not changed anything here):
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465
# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
tls_advertise_hosts = *
#auth_over_tls_hosts = *

/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.crt/server.key

The 3 pem files for directadmin don't exist (so I don't know if this is needed?)

DNS settings

ftp A 77.72.145.219
mail A 77.72.145.219
ns1.poisonmichael.com. A 77.72.145.219
ns2.poisonmichael.com. A 77.72.145.219
poisonmichael.com. A 77.72.145.219
pop A 77.72.145.219
smtp A 77.72.145.219
www A 77.72.145.219
poisonmichael.com. NS ns1.poisonmichael.com.
poisonmichael.com. NS ns2.poisonmichael.com.
poisonmichael.com. MX 10 mail
poisonmichael.com. TXT "v=spf1 a mx ip4:77.72.145.219 ~all"

MX records: " Use this server to handle my emails. If not, change the MX record and uncheck this option" - Is selected

Ports are open.

----------

So like I said, I'm not sure what to do anymore :D Is it a problem with my certificate? Is my DNS wrong? Do I have to add / change settings?

CentOS 7
Apache 2.4.18
DirectAdmin 1.51.4
Exim 4.83
MariaDB 5.5.41
Named 9.9.4
sshd
dovecot 2.2.21 (5345f22)
pure-ftpd 1.0.42
Php 5.5.32

Please let me know if you need some more information like logs or something else :)

Kind regards,
Michael
 
Does the certificate you bought include mail.domain?
If yes, enable mail_sni=1 in directadmin.conf and restart directadmin.
Once done, you may need to run these:
/usr/local/directadmin/custombuild/build exim_conf
/usr/local/directadmin/custombuild/build dovecot_conf

Best regards
 
So now I do have an SSL cert with: mail.poisonmichael.com, poisonmichael.com, www.poisonmichael.com (shows it in DA)

I've installed CustomBuild 2.0 and enabled:

Exim > Yes
Eximconf > Yes
Eximconf_release > 4.5
Dovecot > Yes
Dovecot_conf > Yes

Pasted the cert and key in:
/etc/exim.cert > Certificate
/etc/exim.key > Private key

/etc/httpd/conf/ssl.crt/server.crt > Certificate
/etc/httpd/conf/ssl.crt/server.key > Private key

/usr/local/directadmin/conf/cacert.pem > Certificate
/usr/local/directadmin/conf/cakey.pem > Private key
/usr/local/directadmin/conf/carootcert.pem > The cert with 3 blocks

I've restarted the server, also did:
/usr/local/directadmin/custombuild/build exim_conf
/usr/local/directadmin/custombuild/build dovecot_conf

Screenshot of the Thunderbird settings: http://prntscr.com/gnmcyj

Not sure what I'm doing wrong here :s

Michael
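As an added example (not code from the thread, from the poster, or from DirectAdmin), a small POSIX shell helper set for the checks this thread turns on: whether each installed cert/key pair actually matches, which DNS names the certificate covers, whether the hostname the mail client connects to is among them, and what the live ports present when probed the way Thunderbird connects. It assumes only the openssl CLI; the file paths and hostnames in the usage comment are the ones from this thread.

```shell
#!/bin/sh
# Added example (not from the thread or DirectAdmin); assumes the openssl CLI.

# Print the DNS names in a certificate's subjectAltName, one per line.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# Succeed only when the private key belongs to the certificate (a mismatched
# pair is a common reason a daemon keeps serving its old certificate).
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed when hostname $1 is covered by one of the names $2..: exact match or
# a single-label wildcard, which is the rule mail clients apply (RFC 6125).
name_covered() {
    host=$1; shift
    for n in "$@"; do
        case "$n" in
            "$host") return 0 ;;
            \*.*) [ "${host%%.*}" != "$host" ] && [ "${host#*.}" = "${n#\*.}" ] && return 0 ;;
        esac
    done
    return 1
}

# Probe a live port the way Thunderbird does: implicit TLS (993/465) when $3 is
# empty, STARTTLS (143/587) when $3 is imap or smtp. Prints the verify result
# and the names the server actually presented for that SNI name.
probe_mail_tls() {
    host=$1; port=$2; proto=$3; tmp=$(mktemp)
    if [ -n "$proto" ]; then
        printf 'QUIT\r\n' | openssl s_client -connect "$host:$port" -starttls "$proto" -servername "$host" >"$tmp" 2>&1
    else
        printf 'QUIT\r\n' | openssl s_client -connect "$host:$port" -servername "$host" >"$tmp" 2>&1
    fi
    grep -m1 'Verify return code' "$tmp"
    cert_dns_names "$tmp"
    rm -f "$tmp"
}
# On the server from the thread (as root):
#   cert_matches_key /etc/exim.cert /etc/exim.key && echo "exim pair ok"
#   name_covered mail.poisonmichael.com $(cert_dns_names /etc/exim.cert) || echo "not covered"
#   probe_mail_tls mail.poisonmichael.com 993 ""; probe_mail_tls mail.poisonmichael.com 587 smtp
```

If the probe's "Verify return code" is not 0, or the names printed are not the purchased certificate's, the daemon is still serving a different certificate for that SNI name, which is exactly the case the mail_sni=1 advice above addresses.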
 