Hostname is invalid even though it is correct in webmin?

Kieran · August 31, 2016, 2:10pm

Please fill out the fields below so we can help you better.

My domain is: kieran.pw

I ran this command: /

It produced this output: /

My operating system is (include version): raspbian 7 wheezy

My web server is (include version): dovecot (mail) 2.1.7

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): sometimes webmin 1.810

I am trying to send mails but the iMac default mail programm says that it’s an invalid cert (valid till nov 2016) because the hostname is wrong. I am using the mail @kieran.pw and created the cert using Webmin for the domain kieran.pw. How can I fix it? It’s important because gmail says that they couldnt check if its spam or not (probs because of the cert) and most of the email providers (like gmx.net) just ignore the mail and dont even put it in the spam.

serverco · August 31, 2016, 3:24pm

My first guess is that you haven't got the correct cert in your config.

Typically in /etc/dovecot/conf.d/10-ssl.conf you would need

ssl_cert = </etc/letsencrypt/live/kieran.pw/fullchain.pem
ssl_key = </etc/letsencrypt/live/kieran.pw/privkey.pem

If that doesn't fix it - what do you have in your config ?

Osiris · August 31, 2016, 4:54pm

Dovecot is an IMAP/POP3 daemon. You also use it to send mail?

Anyway, your iMac default mail program checks the value you’ve entered into the hostname field for your outgoing mail server against the hostname(s) in the certificate. This can be different than the domain name your email address contains. I.e.: you can have a email address like @a.com which is send through mail.b.com.

Kieran · August 31, 2016, 5:48pm

@Osiris Oops I forgot to mention postfix
@serverco Sry forgot to edit posfix config
kay looks like it’s using the correct cert now. I just requested one for mail. www. and @ but now Thunderbird says it couldn’t verify whether letsencrypt is a trusted authority. Issuer unknown http://puu.sh/qVgqF/d52d2c108a.png

Osiris · August 31, 2016, 6:48pm

Thunderbird can send (SMTP/Postfix) and receive (IMAP/Dovecot) e-mail… What part of the Thunderbird usage is not working?

Have you used the correct PEM file in the corresponding configurations? (i.e.: fullchain.pem)

Kieran · August 31, 2016, 8:10pm

Like I said, Thunderbird says the Issuer of the cert is unknown. Both ways, receive and send.

Osiris · August 31, 2016, 8:18pm

I'll repeat myself, because I'm very sure this is your problem (just checked with openssl s_client):

Kieran · August 31, 2016, 8:22pm

I’ll look, sorry. Not really sure what you mean with that

Osiris · August 31, 2016, 8:27pm

Clients will need the complete chain leading up to a root certificate. So serving only cert.pem will get you in trouble, because the client won’t accept the intermediate certificate as an “end point” (because it isn’t a root certificate and therefore the client doesn’t know and accept it). When you’re using (in your case) fullchain.pem (which is just cert.pem and chain.pem in one file), the server will send both those certificates to the client… And now the client can “build” a chain completely up to the root certificate, which it knows and accepts.

system · September 30, 2016, 8:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.