Required fields are filled out below, at the bottom of this message.
The problem I'm reporting is not with letsencrypt/certbot itself, but rather, with the iOS email client not being able to process the 90-day cert renewals. I use letsencrypt certs for my IMAP and SMTP domains (email is managed on Linux via dovecot and postfix). All email clients except those under iOS offer the user the option to accept the changed certificates, but that doesn't happen under iOS. Instead, a popup comes up for these users saying, "Cannot verify server identity", and no "Accept" dialog or anything similar is offered.
I know this is specific to iOS, but I'm asking here, in case anyone here has solved this.
I searched online, but all I could find concerning iOS recognizing the renewed certs is to remove and re-create each email account on the iOS client. However, I cannot ask my multiple email users on iOS to do this every 90 days for each and every one of their email accounts on each of their iOS devices.
Is anyone using letsencrypt certificates with postfix/dovecot with iOS email clients? Has anyone been able to tell iOS to renew the cert automatically, or in the worst case, by the user clicking "Accept" or something like that?
Am I out of luck, or has anyone figured out a way to get around this problem under iOS?
Thank you very much.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
Any IMAP or SMTP command via the iOS email client
It produced this output:
Popup in iOS saying "Cannot verify server identity"
My web server is (include version):
This pertains to email, not the web.
Running dovecot 2.2.13 and postfix 2.11.3
The operating system my web server runs on is (include version):
Email servers run on Debian Linux 8
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):