
Thread: SSL warning when adding mail account

  1. #1
    Join Date
    Jul 2018
    Posts
    5

    SSL warning when adding mail account

    Hi,

    I'm currently using a Let's Encrypt certificate (not that it should matter in this case, I think).
    When adding a new mail account to my Thunderbird I get the warning that the hostname doesn't match the SSL certificate.

    This makes sense, the SSL certificate is on the hostname, internal-01.example.com.
    However when adding a mail account you use a domain such as mail.example.com.
    But I get the same error when adding an account for mail.exampleotherdomain.com: it doesn't match internal-01.example.com.

    This seems rather wrong. Is there any way to solve the warning message so Exim/Dovecot does it correctly?

    Thanks.

  2. #2
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,509
    You say you are using Let's Encrypt SSL certificates.
    Did you also enable "mail_sni=1" in directadmin.conf and also create an SSL certificate for mail.exampleotherdomain.com?

    Still, in some cases the notice might still appear, because mail.xxxxx.com is in fact not a hostname. I might have a test later on this, I only have Thunderbird on another computer.

    You can check if things are in good order here:
    https://www.sslshopper.com/ssl-checker.html

    Be aware! For a good check of the mail SSL you need to use the port number too. For example, do NOT use mail.exampledomain.com but use mail.example.com:465 (or 587 depending on what you use) to do the check.
    Greetings, Richard.

  3. #3
    Join Date
    Jul 2018
    Posts
    5
    Hi Richard G, thanks for helping me out.

    I didn't have a certificate; I have one now and it works.

    However I have another customer with 200+ accounts, and all his clients get the same message.
    Would the only way to fix this be getting a Let's Encrypt SSL on all mail.example.com domains?
    That's a hell of a lot of work...

    No 'easier' fix?

    Thank you.

  4. #4
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,509
    Nowadays there is a wildcard option.
    I presume there is an easier way, but I don't know how.

    Did your customer with the 200+ accounts already have an SSL certificate for all his domains? If not, then maybe something like this might be of help:
    https://help.directadmin.com/item.php?id=675

    If he already has, there might be some other method like an SSH command-line option for it, but I'm not sure about that.
    Hopefully SMTalk or zEitEr can answer that for you. Or you could also send in a ticket for that question and share the solution here later.
    Greetings, Richard.

  5. #5
    Join Date
    Jul 2018
    Posts
    5
    Hi Richard,

    I found this forum post: http://forum.directadmin.com/showthr...130#post275130

    This fixed it, but is this the 'official' solution?
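
An added example, not part of the original thread and not DirectAdmin's own code: it shows why a certificate issued for the server hostname does not cover the mail.* names clients enter, what a wildcard does and does not cover, and how to run the same verification a mail client performs against the mail port with SNI. The function names are hypothetical, the sample names are the thread's placeholders, and `live_check` assumes an implicit-TLS port such as 465 (587 uses STARTTLS and needs a different handshake).

```python
import socket
import ssl

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def uncovered(san_names, hostnames):
    """Return the hostnames that no SAN entry of the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(san, h) for san in san_names)]

def live_check(host: str, port: int = 465, timeout: float = 10.0) -> str:
    """Connect with SNI to an implicit-TLS port and verify as a mail client would."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = [value for kind, value
                        in tls.getpeercert().get("subjectAltName", ())
                        if kind == "DNS"]
                return "ok: " + ", ".join(sans)
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message
    except OSError as exc:
        return "unreachable: " + str(exc)

if __name__ == "__main__":
    # Constructed sample data using the placeholder names from the thread.
    hostname_cert = ["internal-01.example.com"]
    wildcard_cert = ["example.com", "*.example.com"]
    clients = ["mail.example.com", "mail.exampleotherdomain.com"]
    print(uncovered(hostname_cert, clients))  # neither mail name is covered
    print(uncovered(wildcard_cert, clients))  # the other domain is still uncovered
```

Feeding `uncovered` the list of mail hostnames for every hosted domain gives the set that still needs its own certificate before SNI can present a matching one.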
