Icewarp mail server, cannot get initial cert

Help
1

Hello Everyone,

I just updated to the latest version of Icewarp mail server, and I would like to use Let’s Encrypt. The request mechanism is built into the mail server software, so I do not have any options other than domain and submit. I do have port 80 open to the mail server, and I can see a request go out in the logs, but I don’t think I am ever getting anything as return.

When you request the certificate it says it will turn green when it is issued. Is this a 5 min thing, or a 5 hour thing?

The domain is dune-hd-usa.com, and the mail server I am trying to get a certificate for in mail.dune-hd-usa.com.

Any help would be appreciated, I feel like I am missing something simple.

Thanks,
Mike

1 Like
2

OK, update.

I think the certificate issued. If I go to the mail.dune-hd-usa.com it seems to have worked, but I show nothing in the mail server console that the certificate was issues, and nothing for expiration date. I guess I have to call Icewarp.

3

I think it might need a restart or some more clicks…
This is the cert in use on port 25 and port 110:

-----BEGIN CERTIFICATE-----
MIICDjCCAXcCBFI70VAwDQYJKoZIhvcNAQEFBQAwTjEdMBsGA1UEAxMUbnMyLmFu
b3RoZXJoYXRlci5jb20xLTArBgkqhkiG9w0BCQEWHmFkbWluaXN0cmF0b3JAYW5v
dGhlcmhhdGVyLmNvbTAeFw0xMTEyMTcwMzU3MDFaFw0xMzEyMTYwMzU3MDFaME4x
HTAbBgNVBAMTFG5zMi5hbm90aGVyaGF0ZXIuY29tMS0wKwYJKoZIhvcNAQkBFh5h
ZG1pbmlzdHJhdG9yQGFub3RoZXJoYXRlci5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAKMZQvjWjw9pqtqHHiuuXakSdyoFE1hYgvCbSrWsGVZJE9Tkt7Dh
BWl13QeasncOcs8/pUToT9Me314EWeninyW6nYOeF22U2WnQWnV19gjC4+IFXfi3
aiN94LeQ1zAdMhrJ8PeMjWDJ+5lvbEYZD0wvYX2F2R6UrqyWH1kMQcDrAgMBAAEw
DQYJKoZIhvcNAQEFBQADgYEAhcF9lxCtWncytMTMgmbPl07rieVAOQbCw2CkP3j9
L6yTlVL/As3rKqsCV+5Nh90riFv5sr3eBU2EXot59OuNyf+kSZC+HQoLCyiUvpKA
DNi2KgfQCcxuq43aZpQvTQErQX9/MlydFLIEy9mdnGQFgyKlP+ZRiI5X4h/YRbMh
Vpg=
-----END CERTIFICATE-----

image
image419×522 10.2 KB

1 Like
4

I just wiped out all the certificates.

Icewarp was not updating status in the console window. So I tried a whole lot of times and ended up with like 30 certificates.

I should have it all fixed in a few.

5

I think hit the rating limit on some of the domains, like ns2.anotherhater.com, because I can’t reissue for that one. The other domains, like mail.dune-hd-usa.com worked fine. I’ll try securing the rest in a day or so.

1 Like
6

Hi @MCT

checking your domain you have created two new certificates. And you use one of these.

But your server has a wrong chain, the intermediate certificate is sent twice.

dune-hd-usa
dune-hd-usa1117×296 26.8 KB

And where are your mail ports?

Only the (not so good) Ports 25, 110 + 143 are open, that allows unencrypted traffic.

mail.dune-hd-usa.com 25 SMTP open 220 ns2.anotherhater.com ESMTP SuperMultiMail v1.2.3.1.4.1.5.xx; Fri, 13 Dec 2019 02:40:56 -0500
mail.dune-hd-usa.com 53 DNS open
mail.dune-hd-usa.com 110 POP3 open +OK ns2.anotherhater.com SuperMultiMail v1.2.3.1.4.1.5.xx POP3 Fri, 13 Dec 2019 02:40:51 -0500 20191213024051@ns2.anotherhater.com
mail.dune-hd-usa.com 143 IMAP open * OK SuperMultiMail v1.2.3.1.4.1.5.xx IMAP4rev1 Fri, 13 Dec 2019 02:40:51 -0500

The encrypted ports 465, 993 and 995 should be listet under "connections".

1 Like
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.