Certificate not trusted


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.maquinamotors.es
and mail.maquinamotors.com

I ran this command: Certificate not trusted
I will attach an image

I can’t use the mail and can’t send mails…

Please help


#2

Are you the system administrator of the server in question? If so, would you please fill in all the questions of the questionnaire which was presented to you? You have deleted most of those questions, but they are required so we can actually help you.

If not, you should contact the server administrator of the mailserver and ask him/her to fix it.


#3

Hi,

Which server name are you trying to connect to?

Plesk’s mail server software does not seem to have SNI in place, hence it may not be good to issue certificates for individual hostnames…

On port 587 with STARTTLS, the server only returns one certificate that has mail.maquinamotors.es without any other subject alternative names. Your client should receive an error when they are using mail.maquinamotors.com (as server name) to connect.

Thank you


#4

Somehow, it works well everywhere except on iPhone…

I’m trying to connect to mail.maquinamotors.com and it will say that the certificate is not valid for mail.maquinamotors.es

Thanks


#5

Hi @Maquinamotors

checking https://mail.maquinamotors.es/ - all is ok.

DNS-Name: mail.maquinamotors.es

But checking mail.maquinamotors.com - there is a self signed certificate.

So (1) use only .es or (2) create a certificate with both names .es/.com


#6

Yes. Because the mailserver software returns the certificate for mail.maquinamotors.es instead of a certificate for mail.maquinamotors.com. It’s likely and possible to include an error stating “certificate not valid”

However I’m not sure why other devices do not react to the server name mismatch…

Thank you


#7

That’s not what is shown in the SMTP / POP connections.
In those connections, it would return a certificate for mail.maquinamotors.es


#8

Thanks to BOTH! Stevenzhu and JuergenAuer.

Tomorrow I will try to open another certificate for .com/.es

Thanks!


#9

For best coverage, request a certificate for both domains.
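
Added example, not part of the thread or of any poster's code: a Python check that lists which of the hostnames mail clients are configured with are not covered by the certificate's subject alternative names, which is the mismatch described in posts #3 and #6. The sample certificate is constructed from what post #3 reports, and the function names are this example's own.

```python
import smtplib
import ssl

# Constructed sample in ssl.getpeercert() format, modelled on post #3:
# a single SAN entry for the .es name and nothing else.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.maquinamotors.es"),),),
    "subjectAltName": (("DNS", "mail.maquinamotors.es"),),
}

def san_dns_names(cert):
    """DNS entries of the subjectAltName extension (what clients match against)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """RFC 6125-style comparison; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert, hostnames):
    """Hostnames that clients use but no SAN entry in the certificate covers."""
    names = san_dns_names(cert)
    return [h for h in hostnames if not any(name_matches(n, h) for n in names)]

def fetch_starttls_cert(host, port=587, timeout=10):
    """Live variant: return the certificate presented after STARTTLS.
    The chain is still verified; only the name check is deferred to uncovered()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()

if __name__ == "__main__":
    wanted = ["mail.maquinamotors.es", "mail.maquinamotors.com"]
    print("not covered:", uncovered(SAMPLE_CERT, wanted))
```

Running `uncovered(fetch_starttls_cert(host), names)` after reissuing the certificate confirms that every name handed out to clients is covered on the submission port.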