The domain name of at least one of your mail servers does not match the domain name

Ah, thank you so much, so that is the "problem", as they do not support SNI.

Thank you for taking time. All the best.

Kind regards, Fred
 
I have some more questions about this. I'm also running one VPS for multiple websites but I'm not sure if my setup is correct since I'm also getting the certificate mismatch in like Filezilla and Thunderbird.

The server name is server.apples.com and I created a certificate for it (Let's Encrypt) via:

Code:
cd /usr/local/directadmin/scripts
./letsencrypt.sh request server.apples.com 4096

Now for my emails I want to use mail.apples.com so I added DNS:mail.apples.com to vi /usr/local/directadmin/conf/ca.san_config
Reran the ./letsencrypt.sh request server.apples.com 4096 and it looks like that was working.

So now for the other domain tomatoes.com, do I also use server.apples.com as incoming and outgoing server or do I use mail.tomatoes.com? If so, do I just create a certificate for mail.tomatoes.com via the Let's Encrypt panel?

I do have mail_sni=1 in the da settings. And in my case do I also have to do those TASK QUEUE settings?

And one more thing. Since I use Cloudflare for my DNS I just added these values to tomatoes.com is this also correct?

Code:
A tomatoes.com	points to 123.456.789.11
A ftp	points to 123.456.789.11
A mail	points to 123.456.789.11
A www	points to 123.456.789.11
MX tomatoes.com mail handled by mail.apples.com 1
TXT _dmarc	v=DMARC1;p=none
TXT _domainkey	o=~
TXT tomatoes.com	v=spf1 a mx ip4:123.456.789.11 ~all
TXT x._domainkey	v=DKIM1;k=rsa;p=long_string_here
 
Hello,

server.apples.com as in and outgoing server or do I use mail.tomatoes.com?

You should decide. Both variants are possible, depending on what devices you use.

Filezilla does not care about your MX records.

Thunderbird can use autodiscovery/autoconfig, so you might use this functionality or rely on MX records.

And the server should have a valid SSL/TLS cert for the names used for MX.
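
The name-matching rule behind the mismatch warnings discussed above, as an added example that is not part of the original posts and is not DirectAdmin's code. It assumes a simplified model of SNI selection (first certificate that covers the requested name, otherwise the server's default certificate); `TOMATOES_CERT` is a hypothetical per-domain certificate and all sample names are the thread's placeholders.

```python
import socket
import ssl

# Constructed sample data, using the placeholder names from the thread.
HOST_CERT = ["server.apples.com", "mail.apples.com"]      # server cert plus the added SAN
TOMATOES_CERT = ["tomatoes.com", "mail.tomatoes.com"]     # hypothetical per-domain cert

def name_matches(pattern, host):
    """RFC 6125 style match; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(sans, host):
    return any(name_matches(s, host) for s in sans)

def select_cert(sni_certs, default, sni):
    """Simplified SNI model: first cert covering the SNI name, else the default cert."""
    if sni:
        for sans in sni_certs:
            if covers(sans, sni):
                return sans
    return default

def client_ok(sni_certs, default, host, sends_sni=True):
    """Would a client that typed `host` as its mail server accept what it is shown?"""
    presented = select_cert(sni_certs, default, host if sends_sni else None)
    return covers(presented, host)

def fetch_sans(host, port=993, sni=None, timeout=5):
    """Live variant (needs network): DNS SANs of the cert served on an implicit-TLS port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # chain is still verified; name matching is done by covers()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

if __name__ == "__main__":
    for name in ("server.apples.com", "mail.apples.com", "mail.tomatoes.com"):
        print(name, "host cert only:", client_ok([], HOST_CERT, name),
              "| with per-domain cert:", client_ok([TOMATOES_CERT], HOST_CERT, name),
              "| no SNI:", client_ok([TOMATOES_CERT], HOST_CERT, name, sends_sni=False))
```

Passing the result of `fetch_sans("mail.example.test")` to `covers()` applies the same check to a live server; port 993 is implicit-TLS IMAP, and STARTTLS ports need a protocol-aware client instead.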
 
Sorry to revive an old topic but I'm in the same boat. My problem is however I don't seem to be able to issue a Let's Encrypt SSL certificate that includes the mail.domain.com domain. I have tried adding it as subdomain from the main domain and even as separate domain but I end up with the same error as shown below. What am I doing wrong? Because of this I'm getting an SSL error trying to set up POP3 mail within Gmail.

Code:
Requesting new certificate order...
Processing authorization for mail.solidewebservices.com...
Error: http://mail.solidewebservices.com/.well-known/acme-challenge/letsencrypt_1547035047 is not reachable. Aborting the script.
dig output for mail.solidewebservices.com:
212.237.233.121
Please make sure /.well-known alias is setup in WWW server.
 
Make sure you see letsencrypt=1 when running the command:

Code:
/usr/local/directadmin/directadmin c | grep letsencrypt=


and try and see whether or not it helps:

Code:
cd /usr/local/directadmin/custombuild/
./build update 
./build letsencrypt
./build rewrite_confs
 