How can I give a certificate to my mail subdomain

Hybral · May 5, 2017, 9:52am

Hello,everyone!
I’m a new comer to Let’s encrypt! And I like to ask how to give a certificate to my subdomain mail.chemsci.top.[Chrome gives a hint—“ERR_CERT_COMMON_NAME_INVALID” because I don’t give it a certificate ]This mail service was put on a the mail server(Aliyun) rather than on my personal server.Even I removed the HSTS, It didn’t work at all!

So,I’d like to ask you for advice.

Hybral · May 5, 2017, 3:58pm

@jsha Can you help me? Thank you!

schoen · May 5, 2017, 4:24pm

@Hybrai, have you already used Let’s Encrypt to obtain certificates before, or would this be the first time doing this?

I didn’t understand whether you are the system administrator of the mail server. It sounds like you’re not. If not, you probably won’t be able to install certificates there at all, without the assistance of the system administrator.

Hybral · May 6, 2017, 1:27am

Yes I’m first time to use Let’s Encrypt. And I’m just postmaster of the mail server.

Do you mean I can not give a certificate to my mail subdomain becuase I’m not the administrator of the server? Which means I can’t use mail service if I don’t ask the server administrator for help?

ahaw021 · May 7, 2017, 5:44am

hi @Hybral

When you add a help post it suggest a bunch of questions which you should answer rather than trying to formulate your own.

For example:

Are you trying to secure the web interfaces or the Mail Interface?
What is the Web Server/Mail Server that you are using?
What is the client that you will be using?
I can’t see any certificates for your domain with LetsEncrypt - have you tried to obtain one yet? https://crt.sh/?q=%mail.chemsci.top
Are you aware of the challenge types and how they work? https://letsencrypt.org/how-it-works/

Having a look at your website it is currently issuing a certificate for another domain being server

Andrei

schoen · May 8, 2017, 7:22pm

Normally you do have to be the system administrator of any server that you want to install a certificate on. It is usually considered a privileged/administrative task. There might be some exceptions to this when the server administrator has intentionally delegated certain abilities to certain users.

I do not mean that you have to be the administrator for the web server of the top-level domain (e.g., you don't necessarily have to be the administrator of the chemsci.top web server), but generally you do for whatever server is pointed at by the specific domain name. In that case that would be mail.mxhichina.com, IP address 42.156.140.99. If you're not the administrator of that system, you can probably not configure or affect the certificates that it uses.

system · June 7, 2017, 7:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.