Page 2 of 2
Results 21 to 25 of 25

Thread: The domain name of at least one of your mail servers does not match the domain name

  1. #21
    Join Date
    Aug 2015
    Posts
    314
    Ah, thank you so much, so that is the "problem", as they do not support SNI.

    Thank you for taking time. All the best.

    Kind regards, Fred

  2. #22
    Join Date
    Sep 2017
    Posts
    12
    I have some more questions about this. I'm also running one VPS for multiple websites but I'm not sure if my setup is correct since I'm also getting the certificate mismatch in like Filezilla and Thunderbird.

    The server name is server.apples.com and I created a certificate for it (Let's Encrypt) via:

    Code:
    cd /usr/local/directadmin/scripts
    ./letsencrypt.sh request server.apples.com 4096

    Now for my emails I want to use mail.apples.com so I added DNS:mail.apples.com to vi /usr/local/directadmin/conf/ca.san_config
    Reran the ./letsencrypt.sh request server.apples.com 4096 and it looks like that was working.

    So now for the other domain tomatoes.com, do I also use server.apples.com as in- and outgoing server or do I use mail.tomatoes.com? If so, do I just create a certificate for mail.tomatoes.com via the Let's Encrypt panel?

    I do have mail_sni=1 in the da settings. And in my case do I also have to do those TASK QUEUE settings?

    And one more thing. Since I use Cloudflare for my DNS, I just added these values to tomatoes.com. Is this also correct?

    Code:
    A tomatoes.com	points to 123.456.789.11
    A ftp	points to 123.456.789.11
    A mail	points to 123.456.789.11
    A www	points to 123.456.789.11
    MX tomatoes.com mail handled by mail.apples.com 1
    TXT _dmarc	v=DMARC1;p=none
    TXT _domainkey	o=~
    TXT tomatoes.com	v=spf1 a mx ip4:123.456.789.11 ~all
    TXT x._domainkey	v=DKIM1;k=rsa;p=long_string_here

  3. #23
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,704
    Hello,

    server.apples.com as in and outgoing server or do I use mail.tomatoes.com?
    You should decide. Both variants are possible, depending on what devices you use.

    Filezilla does not care about your MX records.

    Thunderbird can use autodiscovery/autoconfig, so you might be able to use this functionality or rely on MX records.

    And the server should have a valid SSL/TLS cert for the names used for MX.
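
The point made in posts #21 and #23 (clients that do not send SNI, and a certificate that must cover the names clients actually use), modeled as an added example that is not part of the thread or of DirectAdmin. The certificate selection is a simplified assumption, and the per-domain certificate for mail.tomatoes.com is constructed; the default certificate names are the ones requested in post #22.

```python
# Added example: simplified model of certificate selection and name checking.
# Host names come from the thread; the per-domain certificate is assumed.

def name_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: case-insensitive, '*' only as the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # A wildcard covers exactly one label; reject patterns such as '*.com'.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def select_cert(sni_name, sni_certs, default_sans):
    """Return the SAN list the server presents for this connection."""
    if sni_name is not None:
        for cert_sans in sni_certs:
            if any(name_matches(sni_name, p) for p in cert_sans):
                return cert_sans
    return default_sans  # no SNI sent, or no certificate covers the name


def client_accepts(configured_host, sends_sni, sni_certs, default_sans):
    """True if the presented certificate matches the host name set in the client."""
    sni = configured_host if sends_sni else None
    presented = select_cert(sni, sni_certs, default_sans)
    return any(name_matches(configured_host, p) for p in presented)


# Constructed data: default certificate as requested in post #22, plus an
# assumed per-domain certificate that includes mail.tomatoes.com.
DEFAULT_SANS = ["server.apples.com", "mail.apples.com"]
SNI_CERTS = [["tomatoes.com", "www.tomatoes.com", "mail.tomatoes.com"]]


def report():
    """One row per (host, sends_sni) combination: (host, sends_sni, accepted)."""
    hosts = ("server.apples.com", "mail.apples.com", "mail.tomatoes.com")
    return [(h, s, client_accepts(h, s, SNI_CERTS, DEFAULT_SANS))
            for h in hosts for s in (True, False)]


if __name__ == "__main__":
    for host, sends_sni, ok in report():
        print(f"{host:20} SNI={sends_sni!s:5} -> {'match' if ok else 'MISMATCH'}")
```

The only mismatch is mail.tomatoes.com without SNI: the client is handed the default certificate, so it must either send SNI or be configured with a name the default certificate covers.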

  4. #24
    Join Date
    Dec 2018
    Posts
    8
    Sorry to revive an old topic but I'm in the same boat. My problem is, however, I don't seem to be able to issue a Let's Encrypt SSL certificate that includes the mail.domain.com domain. I have tried adding it as a subdomain from the main domain and even as a separate domain but I end up with the same error as shown below. What am I doing wrong? Because of this I'm getting an SSL error trying to set up POP3 mail within Gmail.

    Code:
    Requesting new certificate order...
    Processing authorization for mail.solidewebservices.com...
    Error: http://mail.solidewebservices.com/.well-known/acme-challenge/letsencrypt_1547035047 is not reachable. Aborting the script.
    dig output for mail.solidewebservices.com:
    212.237.233.121
    Please make sure /.well-known alias is setup in WWW server.

  5. #25
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,704
    Make sure you see letsencrypt=1 when running the command:

    Code:
    /usr/local/directadmin/directadmin c | grep letsencrypt=

    and try and see whether or not it helps:

    Code:
    cd /usr/local/directadmin/custombuild/
    ./build update 
    ./build letsencrypt
    ./build rewrite_confs
