I am going to try to explain an issue that has been persistent for over a year now.
We have a Linux hosted server CentOS 7.5 with Plesk 17.5 and we use the LetsEncrypt service to secure both web and emails.
Clients using the server for email mostly are on Apple mail. I am talking MacBook’s, iPhones and iPads.
Regularly (as in every 3 months) when the certificate renews we run into issues.
Sometimes your laptop will just work and your phone will stop sometimes both sometimes just laptop and the phone will be fine. No consistency.
In most cases where it doesn’t work on a laptop a pop up will show saying this certificate is unknown and cannot be trusted. You then view the certificate and hopefull there is an option there (I am saying hopefully because sometimes with mail that option isn’t there) you will go in and select “always trust” and confirm with your password and all will be fine.
On the iPhone it’s a little more tricky.
You also get a pop up but then once you view the certificate there is no “trust” option.
The only way you get to see a trust option on a certificate is if you go and delete your mailbox and then re-create it. Then you get the same “unknown certificate” pop up but this time when you view it there is a TRUST option in the top right hand corner.
Right. Add on top of that the fact that you can easily confuse a machine by acting wild with settings while it tries to sync all that to your wonderful (I am being sarcastic right about now) iCloud Keychain and you have it. All my users are going wild every three months and I am growing tired of deleting and recreating mailboxes just to be able to “trust” the certificate…
Isn’t there a better way to do this? Surely I am an ignorant and this is a bad setup .
All of you who are using Linux servers and Apple devices out there…
Please enlighten me.