Webmail ssl issue.

ozgurerdogan

Even though I successfully installed SSL for mail.domain.com, the browser cannot validate the SSL and it shows that the SSL name is invalid, with the name of the DirectAdmin hostname. Also, an SSL check from a 3rd-party website cannot validate the SSL. But DA successfully installs SSL for the webmail domain.
And if I continue to the website, I am seeing the "Apache is functioning normally" page.
Any advice?
 
I think some things are missing from your configuration, as the "Apache is functioning normally" page is only used when visiting the server via either IP or hostname. Might also be a DNS issue.

Did you make any customisations for Apache?
Did you also create a certificate for your hostname?
Is enable_ssl_sni=1 and ssl=1 and letsencrypt=1 present in directadmin.conf?
 
Check directadmin.conf if this setting is correct:
ssl_redirect_host=server.yourhost.com
where server.yourhost.com is the correct current hostname of your server.
Also check if the hostname is present in the /etc/virtual/domains file.

If that is all OK, then I'm out of ideas at this moment. Still looks like a DNS issue to me. You first have to be able to visit your website.
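
The checks suggested in the two replies above, collected into one script. This is an added example, not part of the original thread and not DirectAdmin's own tooling. It assumes the paths to directadmin.conf and the domains file are passed as arguments and that the domains file lists one name per line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the directadmin.conf values named in this thread.

# Print the value of KEY from a key=value file (last occurrence wins).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# check_da_ssl_conf CONF DOMAINS_FILE [EXPECTED_HOSTNAME]
# Prints one line per finding; the return code is the number of problems.
check_da_ssl_conf() {
    conf=$1; domains=$2; problems=0
    # Default to the machine's own FQDN when no hostname is given.
    expected=${3:-$(hostname -f 2>/dev/null || true)}

    # The three switches the reply asks about must all be 1.
    for key in ssl enable_ssl_sni letsencrypt; do
        val=$(conf_get "$key" "$conf")
        if [ "$val" != "1" ]; then
            echo "PROBLEM: $key=${val:-<unset>} (expected 1)"
            problems=$((problems + 1))
        fi
    done

    host=$(conf_get ssl_redirect_host "$conf")
    if [ -z "$host" ]; then
        echo "PROBLEM: ssl_redirect_host is not set"
        problems=$((problems + 1))
    else
        # It must name the server's current hostname ...
        if [ -n "$expected" ] && [ "$host" != "$expected" ]; then
            echo "PROBLEM: ssl_redirect_host=$host, hostname is $expected"
            problems=$((problems + 1))
        fi
        # ... and that name must appear as a line in the domains file.
        if ! grep -qxF "$host" "$domains"; then
            echo "PROBLEM: $host is not listed in $domains"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK: all checked settings look consistent"
    return "$problems"
}
```

Call it as `check_da_ssl_conf <path to directadmin.conf> /etc/virtual/domains`; a non-zero exit status is the count of settings that need attention.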
 
Ah sorry, I was editing my post.
I still think it's some DNS issue, as regardless of whether SSL works or not, you should be able to visit your website (possibly with an SSL error).
So I would start looking at DNS issues.
 
mail.domain.com
Yes that is not how this is configured in DA to work.

That mail. part is handled by script(s) in a totally different way than a subdomain such as www or sub.domain.

I guess there are more problems with this, as there is no obvious howto if you manually put that mail. in for the LE cert creation; maybe there are DA docs I don't know of.
 
Look at the normal domain URL in the browser and then at the names the cert is valid for in the browser; I think you will see it is not valid for that part. (You normally see www and non-www; that is what the cert is created for there.)

That is how the DA basic config for the SSL LE certs script is.

In the Dovecot part, this is handled by the DA script, which handles the domain cert there also on mail. if sni....

With the default there are also problems on some mail testers: if using mail.domain.url in MX records, then an error x509 not FQDN .. is in the forum here.
 
I can validate that the SAN includes mail.domain.com in the browser cert details. But when visiting the URL mail.domain.com, I am getting an invalid common name and in the details I see the server's hostname.
 
But when visiting the URL mail.domain.com, I am getting an invalid common name and in the details I see the server's hostname.
Bad idea. You should use webmail.domain.com for webmail. Not mail.domain.com. It's normal that you get an "apache is functioning normally" when using mail.domain.com in a browser.
 
I can validate that the SAN includes mail.domain.com in the browser cert details. But when visiting the URL mail.domain.com, I am getting an invalid common name and in the details I see the server's hostname.
Yeah, that is how it is and should be in and with DA; however, this is not 100% how it should be, as this kind of setup / config and scripts, with the workaround for Dovecot mail on the domain itself, gives the x509 not FQDN error. (That is another problem than the one you have now, but yes, you have that one too.)

So please read the docs and what Richard G is writing above.
 
I am managing many DA servers and all of them have the same mail.domain.com format with SSL enabled and no issue. This issue is only related to one server and only a couple of domains.
 
Hi, how is that possible? I already did this: https://docs.directadmin.com/webser...html#setting-up-webmail-domain-com-as-default
And webmail.mydomain.com is working, but mydomain.com/webmail does not work. What can I do to make it work?
Another thing that I have not been able to achieve is to add an SSL certificate to webmail.mydomain.com.
On the "Get automatic certificate from ACME Provider" tab I'm not able to see webmail.mydomain.com; I only see ftp, pop, mail, smtp but not webmail.
I have this in my directadmin.conf:
letsencrypt_list=www:mail:ftp:pop:smtp:webmail
letsencrypt_list_selected=www:webmail
enable_ssl_sni=1
ssl_redirect_host=hope.mydomain.com

I already checked /etc/virtual/domains, my hostname is present.

What am I doing wrong?
 
My friends, now all is working, webmail.mydomain.com and /webmail. Idk what I did, but the last thing I did was rebuild Dovecot due to the imap server failed error:
./build update
./build set dovecot yes
./build set dovecot_conf yes
./build dovecot
./build dovecot_conf
After that all seems to work, SSL on webmail.mydomain.com (y)
 