Domains with SSL for IMAP and SMTP

nowiresltd
New member | Joined: Oct 6, 2014 | Messages: 4

Hi all

I have tried on and off for a few weeks to get IMAP / POP3 and SMTP to work with the Let's Encrypt SSLs, which work just fine for HTTP(S).

I have followed this - https://www.directadmin.com/features.php?id=2019 on two different systems with fresh domains (one system is Debian and the other CentOS).

I get the same result on both.

openssl s_client -connect mail.domain2:465 -crlf
openssl s_client -connect mail.domain2:993 -crlf
openssl s_client -connect mail.domain2:25 -starttls smtp

They always return the localhost (self-signed) cert.


/usr/local/directadmin/directadmin c | grep sni
enable_ssl_sni=1
mail_sni=1

/usr/local/directadmin/directadmin c | grep letsen
letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_renewal_failure_notice_after_attempt=5
letsencrypt_disable_renew_after_renew_failure=0
letsencrypt_max_requests_per_week=100
letsencrypt_multidomain_cert=2
letsencrypt_renewal_success_notice=0
letsencrypt_renewal_notice_to_admins=1
letsencrypt_renewal_error_to_users=1
renew_letsencrypt_on_suspended_domain=0
letsencrypt_account_email=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www

cat /etc/dovecot/conf.d/95-sni.conf
!include_try /etc/dovecot/conf/sni/*.conf

ll /etc/dovecot/conf/sni/*.conf
-rw-r--r-- 1 root root 1336 Jul 14 09:57 /etc/dovecot/conf/sni/domain1.conf
-rw-r--r-- 1 root root 594 Jul 14 09:57 /etc/dovecot/conf/sni/domain2.conf
-rw-r--r-- 1 root root 1174 Jul 14 09:57 /etc/dovecot/conf/sni/domain3.conf

cat /etc/dovecot/conf/sni/domain2.conf
local_name mail.domain2 {
  ssl_cert = </usr/local/directadmin/data/users/admin/domains/domain2.cert.combined
  ssl_key = </usr/local/directadmin/data/users/admin/domains/domain2.key
}
local_name domain2 {
  ssl_cert = </usr/local/directadmin/data/users/admin/domains/domain2.cert.combined
  ssl_key = </usr/local/directadmin/data/users/admin/domains/domain2.key
}
local_name www.domain2 {
  ssl_cert = </usr/local/directadmin/data/users/admin/domains/domain2.cert.combined
  ssl_key = </usr/local/directadmin/data/users/admin/domains/domain2.key
}

Anything I have missed?

Thanks in advance.
 

smtalk
Administrator, Staff member | Joined: Aug 22, 2006 | Messages: 8,327 | Location: LT, EU

Your openssl commands for testing are wrong :) I guess the cert works without issues. You're missing the -servername part in your command, which identifies which domain you are requesting the cert for. The command should be:
Code:
openssl s_client -showcerts -connect mail.example.com:993 -servername mail.example.com
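
An added illustration (not part of any post in this thread, and not DirectAdmin or Dovecot code): the sketch below models how the local_name blocks from the question pick a certificate, so it is visible why a client that sends no SNI name gets the default cert. It assumes exact-name matching only; DEFAULT_CERT is a placeholder and the function names are hypothetical.

```python
import re

# Constructed sample mirroring the domain2.conf layout shown in the question.
SNI_CONF = """
local_name mail.domain2 {
  ssl_cert = </usr/local/directadmin/data/users/admin/domains/domain2.cert.combined
  ssl_key = </usr/local/directadmin/data/users/admin/domains/domain2.key
}
local_name domain2 {
  ssl_cert = </usr/local/directadmin/data/users/admin/domains/domain2.cert.combined
  ssl_key = </usr/local/directadmin/data/users/admin/domains/domain2.key
}
local_name www.domain2 {
  ssl_cert = </usr/local/directadmin/data/users/admin/domains/domain2.cert.combined
  ssl_key = </usr/local/directadmin/data/users/admin/domains/domain2.key
}
"""
# Placeholder for the server-wide default certificate (path not given on the page).
DEFAULT_CERT = "<default ssl_cert: the self-signed localhost cert>"

BLOCK = re.compile(r'local_name\s+(\S+)\s*\{(.*?)\}', re.S)
CERT = re.compile(r'^\s*ssl_cert\s*=\s*<(\S+)', re.M)

def parse_sni_blocks(conf):
    """Map each local_name hostname to the cert file its block points at."""
    table = {}
    for name, body in BLOCK.findall(conf):
        cert = CERT.search(body)
        if cert:
            table[name.lower()] = cert.group(1)
    return table

def cert_for(table, sni=None):
    """Cert chosen for a ClientHello; sni=None models a client sending no SNI."""
    if sni is None:
        return DEFAULT_CERT
    return table.get(sni.lower(), DEFAULT_CERT)

def uncovered(table, domain, prefixes):
    """Hostnames built from prefixes that would fall back to the default cert."""
    hosts = [f"{p}.{domain}" for p in prefixes]
    return [h for h in hosts if cert_for(table, h) == DEFAULT_CERT]
```

Running uncovered() with the prefixes mail clients are actually configured with shows which hostnames still need a local_name block before they are handed to users.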
 

nowiresltd
New member | Joined: Oct 6, 2014 | Messages: 4

Many thanks.

Your command did show it correctly, and after following the Howto again it started working.

Andrew
 