Hello everyone.
I am trying to set up authentik's email password recovery.
For my email host, I use mailcow.
Now, when authentik tries to send a recovery email, an error is thrown that mentions how the certificate of mail.astrohweston.xyz is self signed and that's why it cannot send it.
I used certbot to obtain an SSL certificate; I thought Let's Encrypt signs those, not that it was self-signed.
No no - I mean I get an error from a service that I am trying to run saying that, when it tried sending an email using the smtp domain I provided, its certificate was self signed and thus it rejected the email sending job. How come it's self signed if I am like almost certain the CA is LE?
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
So I found out a bit more, the certificate IS self signed, but there's a worker in the mail service called acme that automatically pulls a new valid certificate down and applies it. However, that worker throws an error every time, and it has to do with traffic being redirected from HTTP to HTTPS.
Another issue: all traffic on subdomains that don't have an nginx configuration is served what's usually served on my api.astrohweston.xyz subdomain. Try it for yourself!
You have a Let's Encrypt certificate for mail.astrohweston.xyz and I see that domain using it for connections to you on port 587 and 465.
You are not having a problem getting an LE cert. Or even using it for at least these ports.
This looks like a configuration problem of your mail server. You may be better off asking about this on the Mailcow community: https://community.mailcow.email/
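Added example, not part of any post in this thread: a Python check of which certificate an SMTP host presents on the implicit-TLS port 465 and the STARTTLS port 587, verified against the system trust store as a mail client would do it. The host name is a placeholder and the hint texts are this example's own wording for OpenSSL's verify codes.

```python
import smtplib
import socket
import ssl

# OpenSSL verify codes (X509_V_ERR_*) most often seen with mail servers.
VERIFY_HINTS = {
    10: "certificate has expired",
    18: "self-signed leaf certificate",
    19: "self-signed certificate in chain (untrusted root)",
    20: "issuer not found locally (intermediate missing from chain)",
    62: "certificate does not match the hostname",
}

def explain(exc):
    """Turn a verification failure into a short diagnosis."""
    code = getattr(exc, "verify_code", None)
    return VERIFY_HINTS.get(code, f"verification failed: {exc}")

def issuer_of(cert):
    """Flatten the issuer tuple from getpeercert() into a dict."""
    return {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}

def probe(host, port, timeout=10):
    """Return (ok, detail) for the certificate served on one SMTP port."""
    ctx = ssl.create_default_context()   # system trust store, hostname check on
    try:
        if port == 465:                  # implicit TLS from the first byte
            with socket.create_connection((host, port), timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    cert = tls.getpeercert()
        else:                            # plain SMTP upgraded with STARTTLS
            with smtplib.SMTP(host, port, timeout=timeout) as smtp:
                smtp.starttls(context=ctx)
                cert = smtp.sock.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return False, explain(exc)
    except (OSError, smtplib.SMTPException) as exc:
        return False, f"connection problem: {exc}"
    return True, issuer_of(cert).get("organizationName", "unknown issuer")

if __name__ == "__main__":
    host = "mail.example.test"           # placeholder; use your own SMTP host
    for port in (465, 587):
        print(port, *probe(host, port))
```

If the two ports report different results, the services behind them are loading different certificate files, which points at the mail server configuration rather than at issuance.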