Lets encrypt valid date issue with email/outlook

Richard G

Verified User
Joined
Jul 6, 2008
Messages
12,569
Location
Maastricht
I got a letsencrypt certificate for my domain which should expire juli 12th.
When I check via command line it says this (running Letsencrypt 1.1.2.)
Code:
Lets Encrypt domain: mydomain.nl
subjectAltName=DNS:mydomain.nl, DNS:mail.mydomain.nl, DNS:pop.mydomain.nl, DNS:smtp.mydomain.nl, DNS:www.mydomain.nl
-- Created: Sat Apr 14 00:22:53 CEST 2018 - 1523658173
-- Renewal: Wed Jun 13 00:22:53 CEST 2018
-- Renewal in 30 days.

Which should be correct. When visithing https://www.mydomain.nl and checking the info, it's all oke with expiration date juli 12th.

However, when I chek my mail with outlook for that domain there is a security warning that the certificate date is not witin a valid date, it says:

Let's Encrypt authority X3
Valid from 12-02-2017 till 13-05-2018

It's European date, so it's valid from februari 12th till may 13th which is today.

This is strange, because also SSLLABS site gives the validation date of july 12th as expiration date also for mail, and giving it an A rating.
What can be causing this issue on this single domain?

My date/time on my pc is correct.
I'm running Outlook 2013 and Windows 10 v1803. I do not have issues with other ssl mail domains.
The server is running Centos 6.9, Letsencrypt 1.1.2, Exim 4.91 with spamblocker exim.conf v.4.5.9.
 
Last edited:
SSLLabs only does the check for https, not for mail (dovecot) :) Can you do the email test on internet.nl ?

And do you use mail_sni? Did dovecot successfully reload after the renewal?
 
Thank you for responding.

There was no renewal yet, the renewal should only happen on june 12th, not today. So no renewal occured yet.
I am using mail_sni and do not have issues with my other domain like another private domain and my company domain. It's just this one domain.
I did the test on internet.nl and all was fine.

However, your reply fixed the issue it seems.

There was no renewal on my domain as you can see by the dates, but I just reloaded Dovecot to be sure there was not some old stuff from the letsencrypt update from 1.1.1 to 1.1.2 kept hanging and now it's working good.

Seems Dovecot did not refresh somehow.
Thanks!
 
Last edited:
Back
Top