LetsEncrypt and Mail

DanR

Hi

I have just moved accounts from my older server to a new install.
I have remade all my LetsEncrypt using Wildcards, successful. However, it's saying my mail.domain.com is not secure and giving me a localhost cert... no idea how to fix... the web SSL is fine!

Help!
Dan
 
Ok don't want to assume here
Did you do all of this? Follow the hyperlinks in the help guide as well

If yes you should see it here
Users should then be able to see the LetsEncrypt option:
User Level -> SSL Certificates

I think you need to check the wildcard box
and select the DNS names you need it for: mail, www, ftp, etc.
 
Yeah I’ve done all that mate...

Like I say websites are all fine, green tick, but email clients are having none of it.... just cert error local host mismatch
 
In your directadmin.conf

What shows for
Code:
letsencrypt_list=www:mail:ftp:pop:smtp:webmail
letsencrypt_list_selected=www:webmail:mail
 
These are all the settings I have...

letsencrypt=1
letsencrypt_renewal_days=60
letsencrypt_foreground_http_max=10
letsencrypt_renewal_failure_notice_after_attempt=5
letsencrypt_disable_renew_after_renew_failure=0
letsencrypt_max_requests_per_week=100
letsencrypt_multidomain_cert=3
letsencrypt_renewal_success_notice=0
letsencrypt_renewal_notice_to_admins=1
letsencrypt_renewal_error_to_users=1
renew_letsencrypt_on_suspended_domain=0
letsencrypt_account_email=0
letsencrypt_list=www:mail:ftp:pop:smtp
letsencrypt_list_selected=www
 
I have just moved accounts from my older server to a new install.
Define "just". Could it have something to do with dns synchronisation?

You're also not using a cname record for mail.domain.com but an A record, correct?

You might also use this too if you've not done so yet:

These are all the settings I have...
How/where did you get that list? I don't have that much in my directadmin.com.
Only the letsencrypt=1 and mail_sni=1 which should do the trick.
 

I have my ns1 and ns2 records set to TTL 300 - so they all updated to the new server pretty quickly... the websites including SSL were loaded from the new server.

Emails were also being pulled from the new server however there was the SSL error on email clients.

You are correct there is an A record for mail.domain.com - could this be the issue as the TTL on those is longer?

Also - when you migrate Directadmin to Directadmin - does LetsEncrypt / SSL sort itself out? Or do I need to manually update them all?

Regarding the settings, I used a command and that's what it gave me; in my actual directadmin.conf there is, as you said, letsencrypt=1 and mail_sni=1


Thanks for your help - I can't as SSL for my hostname at the moment as I have reached my limit for that domain... could that be the issue?

Dan
 
Also - when you migrate Directadmin to Directadmin - does LetsEncrypt / SSL sort itself out? Or do I need to manually update them all?
Normally when you for example use Admin backup/transfer it will sort itself out automatically.

I used a command and that's what it gave me;
Yes but I was looking for that command, so I can try and see what it says on my server to compare.

Letsencrypt indeed does have various request limits so that could well be the issue.
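
To see which certificate each mail port actually presents for the name the mail client uses (the symptom in this thread is a localhost certificate on mail while the web certificate is fine), the following is an added example and not something posted by a participant. The function names and mail.example.com are hypothetical placeholders; it assumes OpenSSL 1.1.1 or newer on the machine running the check.

```shell
#!/bin/sh
# Added example. Function names and the host name are placeholders.

# Return 0 if host $1 is covered by SAN text $2, in the form openssl prints,
# e.g. "DNS:*.example.com, DNS:example.com". A wildcard covers exactly one
# leftmost label, so *.example.com covers mail.example.com only.
name_covered() (
    set -f    # SAN entries may contain '*'; keep the shell from globbing them
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for entry in $(printf '%s' "$2" | tr ',' ' ' | tr '[:upper:]' '[:lower:]'); do
        case $entry in
            dns:*) name=${entry#dns:} ;;
            *) continue ;;
        esac
        if [ "$name" = "$host" ]; then return 0; fi
        parent=${host#*.}     # host without its first label
        suffix=${name#\*.}    # SAN entry without a leading "*."
        if [ "$suffix" != "$name" ] && [ "$parent" != "$host" ] &&
           [ "$parent" = "$suffix" ]; then
            return 0
        fi
    done
    return 1
)

# Print the DNS SAN line of the certificate served on host $1, port $2, when
# $1 is sent as the SNI name. $3 is an optional STARTTLS protocol.
presented_sans() {
    openssl s_client -connect "$1:$2" -servername "$1" ${3:+-starttls "$3"} \
        </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName 2>/dev/null |
        grep 'DNS:' || true
}

# Check the usual mail ports: implicit TLS on 465/993/995, STARTTLS on the rest.
check_mail_host() {
    for svc in 465: 993: 995: 587:smtp 143:imap 110:pop3; do
        port=${svc%%:*}
        proto=${svc#*:}
        sans=$(presented_sans "$1" "$port" "$proto")
        if name_covered "$1" "$sans"; then
            echo "port $port: certificate covers $1"
        else
            echo "port $port: MISMATCH, presented: ${sans:-no DNS SAN}"
        fi
    done
}
# Usage: check_mail_host mail.example.com
```

A mismatch on the mail ports while port 443 shows the wildcard certificate means the mail daemons are still serving the server's default certificate.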
 