Autodiscover not working - wondering if it's my SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jlallc.com

I ran this command: N/A

It produced this output: N/A

My web server is (include version): IIS

The operating system my web server runs on is (include version): Windows Server 2016 Standard

My hosting provider, if applicable, is: We host our own servers

I can login to a root shell on my machine (yes or no, or I don't know): N/A

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certify the Web

We have a very strange issue here and we have exhausted everything we know how to do so I'm posting here with hopes that someone else has seen this.

We have a domain on one of our email servers. We have EAS, EWS/MAPI enabled for the users. We have autodiscover set up for this domain and we have a Let's Encrypt SSL cert which contains both autodiscover.domain.com and mail.domain.com. We are using Let's Encrypt with Certify the Web on our server. We have an autodiscover "A" record which points to our server IP and we have a proper SRV record.

When we try to autodiscover from Outlook or Thunderbird, we get an SSL certificate error for a domain called whgi.net and the autodiscover fails. We have NO idea who whgi.net is. They have nothing to do with us or our customer. We have tried from several different PCs and different networks using a few different versions of Outlook and we get the same error on all of them. We even tried adjusting our Windows registry and no luck. Autodiscover keeps trying to query whgi.net. We even tried changing the DNS server for domain.com from Windows DNS to a different DNS provider. Same problem. We added entries to our Windows hosts file on our local machines for autodiscover.domain.com and mail.domain.com, but Outlook still tries to query whgi.net. So strange. Is Let's Encrypt affiliated with whgi.net? Thanks.

Check your mail hosting setup as jlallc.com:993 (imaps) is serving certificates for whgi.com.

3 Likes

Thank you Max. That tells me that the autodiscover is querying the web server, but not the mail server even though our autodiscover A record is pointing to our server and so is the SRV record. Any ideas why autodiscover would be querying the wrong server when the records are correct?

We solved it! It was a problem with Outlook after all!

I'm going to leave the solution here in case anyone else needs it.

Thank you again for your reply Max. Much appreciated!

Adding this via PowerShell

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover" -Name "ExcludeHttpsRootDomain" -Value 1 -Type DWord

or adding via Command Prompt

reg add "HKCU\Software\Microsoft\Office\16.0\Outlook\AutoDiscover" /v ExcludeHttpsRootDomain /t REG_DWORD /d 1 /f

4 Likes
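
A diagnostic for the mismatch discussed in this thread, as an added example that is not from any of the posters: it connects to each name Outlook may try during Autodiscover (the root domain over HTTPS comes before `autodiscover.<domain>`) and shows which certificate that name actually presents. `example.com` is a placeholder domain, `Get-PresentedCertificate` is a hypothetical helper name, and forcing TLS 1.2 is an assumption about the server.

```powershell
# Added example: report the certificate each Autodiscover candidate host presents.
# Get-PresentedCertificate is a hypothetical helper; 'example.com' is a placeholder.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $state = @{ Errors = $null }
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate so a mismatched one can still be inspected;
        # the callback only records what normal validation would have reported.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $c, $ch, $policyErrors)
            $state.Errors = $policyErrors
            $true
        }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        # $HostName is sent as SNI. TLS 1.2 is forced here (assumption) because
        # older .NET Framework defaults do not offer it.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host         = "${HostName}:$Port"
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            # RemoteCertificateNameMismatch means the cert was issued for another name.
            PolicyErrors = $state.Errors
        }
        $ssl.Dispose()
    }
    catch {
        [pscustomobject]@{
            Host         = "${HostName}:$Port"
            PolicyErrors = "connection failed: $($_.Exception.Message)"
        }
    }
    finally { $tcp.Dispose() }
}

$domain = 'example.com'   # placeholder: replace with the mailbox domain
$domain, "autodiscover.$domain", "mail.$domain" |
    ForEach-Object { Get-PresentedCertificate -HostName $_ } |
    Format-List
```

A `RemoteCertificateNameMismatch` on the bare domain while `autodiscover.<domain>` reports `None` matches the situation in this thread. Pass `-Port 993` to inspect the IMAPS listener mentioned in the reply above.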