LetsEncypt certificates for the server?

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
Latest DA Version have an option to request and automatic install a Let's Encrypt certificate in the SSL management menu.

If that's not the info you were looking for let me know, i may have missunderstood your request :)

Regards
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
I have installed. To easy install.
But I m not sure about use it because when check cert on mxtool:
There is an error!
HTTPS Certificate Check The Certificate has a name mismatch

I set IMAP POP on ssl.

When I create new email account on exapmle: microsoft mail > there is an error un trasted cert. Cant send recieve mail.

How to fixed it?
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
Did you create the cert for the server hostname or for the domain?
The certificate for the server hostname will be installed on exim/dovecot/ftp to allow ssl connections with a valid cert, but will not work for the domain itself (like mail.domain.com) unless you add that in your /usr/local/directadmin/conf/ca.san_config and than request a cert for the server hostname with: /usr/local/directadmin/scripts/letsencrypt.sh request HOSTNAME 4096


Regards
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
If need to replace let's encrypt cert to startssl

I have startssl sert for my hostname

1_root_bundle.crt
2_server.myhostname.net.crt

Can I use that with replace on Let'sEncrypt cert?
How can I do it?
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
Did you create the cert for the server hostname or for the domain?
The certificate for the server hostname will be installed on exim/dovecot/ftp to allow ssl connections with a valid cert, but will not work for the domain itself (like mail.domain.com) unless you add that in your /usr/local/directadmin/conf/ca.san_config and than request a cert for the server hostname with: /usr/local/directadmin/scripts/letsencrypt.sh request HOSTNAME 4096


Regards
Yes I create cert with guide: http://forum.directadmin.com/showthread.php?t=53332
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
so you have already an ssl cert for your hostname? In that case, if that cert is valid, you need to set as mail server the server hostname in order to use ssl with a valid cert.

Regards
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
I create a cert Let's Encrypt and also I have a cert for server.hostname.com, hostname.com from startssl.

Now server use Let's Encrtypt but I have error mistmach name...
Maybe I can change it with my other cert. But I dont know how to..

Best regards.
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
With that cert I recive error for all type connection.
I think my Let's Encrypt cert is not valid. But Other cert I have registered from startssl is valid.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
I just checked and replied to your PM.
The cert look good, the cert test result to "A" so it's perfect. Maybe you're using a very old browser?

Also, there is no need to hide the domain and send it via PM, is not such a security hole :)

Regards
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
Where do you get the certificate mismatch error? On the browser? On the mail client? What URL?

The URL you did send me has been tested on apache software (so, web), and it's working, so, please clarify.

Regards
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
Again, what domain? The hostname you sent me via PM is valid and working.

Please provide a screenshot or the domain you're having problems with.

Regards
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
The first screenshot talk about a name mismatch, the certificate is for server.turkweb.net , are you checking server.turkweb.net or turkweb.net? Please take in mind that those are two different domain, having different conf and different certificate.

What is maxxdunyasl.com? Is the domain you're checking or what?

Regards
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
The first screenshot talk about a name mismatch, the certificate is for server.turkweb.net , are you checking server.turkweb.net or turkweb.net? Please take in mind that those are two different domain, having different conf and different certificate.

What is maxxdunyasl.com? Is the domain you're checking or what?

Regards
Oh yes. I want to provide ftp connection over ftps for users and want to server provide that. It's not possible?
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,798
Location
A Coruña, Spain
So, the ftp server would use the server hostname certificate, so if you want to connect via FTP over SSL and don't have a warning is to use server.turkweb.net as host where to connect to.

Regards
 
Top