SSL mail.customdomain does not work

icarohenrique (Verified User, joined Feb 18, 2021, 7 messages)

Hi!

I have a problem with DirectAdmin. I am trying to issue SSL certificates for my domains; however, the mail.customdomain entry does not work.

The SSL that is for the incoming mail. is always the hostname.

Has anyone experienced this problem?

I've already placed SNI inside directadmin.conf and tried to do it via shell script.

Thanks!
 
First check your DNS for problems, then generate at least an SSL certificate for mail.domain.com / domain.com / www.domain.com

If this goes well, prepare your DA box:

First check whether you have secure_access_group=access in directadmin.conf

then
Code:
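cd /usr/local/directadmin
# enable per-domain (SNI) certificates for the mail services
echo mail_sni=1 >> conf/directadmin.conf
service directadmin restart
cd custombuild
./build update
# let CustomBuild manage the Exim and Dovecot configuration files
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
# regenerate both configurations
./build exim_conf
./build dovecot_conf

# queue a rewrite of the mail SNI data and run the task queue now (d800 = debug output)
echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d800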
 
Hi!

Thank you for your help!

I followed all instructions and tried again to issue the SSL certificate.
DirectAdmin says it was successfully issued, but the server's hostname still appears on the SSL certificate :(

I checked the DNS and everything is okay.
 
I have the same issue. When I go to mail.mydomain.com it says the connection is insecure, and when I check the certificate it shows the certificate of the host, not mail.mydomain.com.

When I check www.mydomain.com I can also see that there is a certificate for mail.mydomain.com
But for some reason mail.mydomain.com provides the wrong certificate.
 
Yes, by web browser. How can I check that it works and gives the correct certificate for mail systems?
 
How do you "go" there? With your browser? If yes, it's normal that it says the connection is insecure, because it's not a web domain; you can't visit it via the browser.
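Added example, not part of the thread: a browser only reaches the web server, so to see what Outlook or Thunderbird receive, ask the mail ports for their certificate while sending the domain's name as SNI and check its SAN list. The name mail.example.com is a placeholder, the SAN samples are constructed, and OpenSSL 1.1.1 or later is assumed for `-ext`.

```shell
# Added example; function names are illustrative, not DirectAdmin tooling.

# Print the lower-cased DNS names from `openssl x509 -noout -ext subjectAltName` output on stdin.
san_list() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p' | tr 'A-Z' 'a-z'
}

# san_covers NAME: succeed if a SAN on stdin equals NAME or is a wildcard
# for NAME's parent domain (a wildcard covers exactly one label).
san_covers() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    san_list | grep -qxF -e "$want" -e "*.${want#*.}"
}

# fetch_san HOST PORT SNI [smtp|imap|pop3]: request the certificate from a mail
# port while sending SNI, optionally upgrading with STARTTLS first.
fetch_san() {
    proto=${4:-}
    openssl s_client -connect "$1:$2" -servername "$3" \
        ${proto:+-starttls "$proto"} </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName 2>/dev/null
}

# check_mail_cert NAME PORT [PROTO]: what a mail client configured with NAME sees.
check_mail_cert() {
    if fetch_san "$1" "$2" "$1" "${3:-}" | san_covers "$1"; then
        echo "OK   $1:$2 serves a certificate covering $1"
    else
        echo "FAIL $1:$2 did not serve a certificate covering $1"
        return 1
    fi
}

# Live use (needs network):
#   check_mail_cert mail.example.com 993        # IMAPS
#   check_mail_cert mail.example.com 465        # SMTPS
#   check_mail_cert mail.example.com 587 smtp   # submission, STARTTLS

# Offline demo on constructed SAN output: hostname-only cert vs per-domain cert.
SAN_HOSTNAME='X509v3 Subject Alternative Name:
    DNS:vps.example.com'
SAN_DOMAIN='X509v3 Subject Alternative Name:
    DNS:example.com, DNS:mail.example.com, DNS:www.example.com'
for sample in "$SAN_HOSTNAME" "$SAN_DOMAIN"; do
    printf '%s\n' "$sample" | san_covers mail.example.com && echo "covered" || echo "not covered"
done
```

A FAIL on 993 or 465 while the web site on 443 is fine matches the symptom in this thread: the mail daemons are still serving the hostname certificate.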
Hi!

But it is strange because using cPanel's AutoSSL it validates the mail.mydomain entry normally.

This problem with d02 started to happen recently, my clients started to complain about several errors that tools like Outlook and Thunderbird point their domain's certificate to the incoming mail. as insecure.

The reason for this problem is that the certificate issued to mail. is like the hostname of the server.

I am still looking for a solution to this problem as it is causing a lot of problems with customers using email software.
 
my clients started to complain about several errors that tools like Outlook and Thunderbird point their domain's certificate to the incoming mail. as insecure.
A dirty temporary solution is to use your (host) server name instead of mail.domain.com in your mail program.
In the meantime you can try to solve this problem.
 
Hi @icarohenrique,
How did you solve this?
I'm having the same issue. I have an SSL certificate on mail.rentalworks.be but it does not seem to work.

[attached image: 1672234946410.png]
vps(dot)rentalworks.be is our server and mail(dot)rentalworks.be the mail server.
But it seems it does not validate the SSL cert on mail rentalworks.be
Here is proof that I have certificates:

[attached image: 1672234984700.png]
I can't seem to send any more emails because of this.
 
Did you try this:
Code:
cd /usr/local/directadmin
echo mail_sni=1 >> conf/directadmin.conf
service directadmin restart
cd custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
./build exim_conf
./build dovecot_conf

echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d800
 
Hi! Thanks for your reply. I did try that.
Still no valid ssl cert:

1672239045872.png
 
Try to rewrite confs

Code:
/usr/local/directadmin/custombuild/build rewrite_confs

Otherwise try to generate a new certificate for your hostname
Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request vps.rentalworks.be 4096
 
YES! YES! YES!
I tried all your steps and after regenerating the SSL certs in DirectAdmin as well, the SSL is valid for my mail. server.
Many thanks!

Lucas
 