Results 1 to 3 of 3

Thread: With SNI on, i still get invalid certificate

  1. #1
    Join Date
    Sep 2014

    With SNI on, i still get invalid certificate

    I have enabled letsencrypt ssl for my mailserver; this all works flawlessly. The output of is this:

    Common Name (CN)

    Alternative Names

    My mailserver runs on my main IP ( which is also my shared IP of my sites for which i want to enable SNI for.
    So following the remarks in this thread, i've done: /usr/local/directadmin/directadmin c | grep sni

    which shows this:

    If i now enable let's encrypt via the DA control panel, e.g. and i browse to it, i get the certificate invalid error; where the certificate is pointing to So my assumption is that somehow the current SSL certificate from DA is being served by apache by default.

    Now my question is, if i follow the mail_sni setup in the thread mentioned above, will it 'automagically' start working? Or will my mailserver be screwed (and customer start complaining).

    By the way; i've setup my mailserver with Let's encrypt using this setup:
    which basically created the /usr/local/directadmin/conf/ca.san_config

    The contents are:
    [ req_distinguished_name ]
    CN =
    [ req ]
    distinguished_name = req_distinguished_name

    But i am guessing i don't need that anymore and that can be 'deleted' somehow?
    Last edited by webunity; 06-19-2018 at 11:27 AM.

  2. #2
    Join Date
    Apr 2005
    GMT +7.00

    There is always a chance things will go wrong. And even the feature works for many of us, nobody will guarantee that you won't run into an issue. Even I personally can guarantee only what I do myself.

    Anyway you please feel free to try and follow the steps, and let us know your results. You can always roll back changes.
    Alex Grebenschikov

    - You can hire me on to work on your server
    - Follow and like @Poralix on Facebook

  3. #3
    Join Date
    Aug 2015
    Did you follow the section "TASK QUEUE" too? Something like
    echo "action=rewrite&value=mail_sni&" >> /usr/local/directadmin/data/task.queue

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts