Let’s Encrypt certificate not accepted by Safari and Chrome on iOS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
tafoco.com.vn
I ran this command:
https://www.ssllabs.com/ssltest/analyze.html?d=mail.tafoco.com.vn&s=115.78.231.73#whyNotTrusted
The Let's Encrypt SSL certificate was generated from the MDaemon server. Setting up an email account from an iOS device always shows an untrusted certificate error.
Please help me set up an SSL certificate for the email domain: mail.tafoco.com.vn to be trusted.
Thank you.


It's not using an LE cert but a self-signed one.

lighttpd/1.4.35
and this is a version from 2014

This article applies to MDaemon versions 18.0 and above.

That's from 2019:

You have too old a version for MDaemon to give you an LE certificate.

4 Likes

How did you do that? Because I don't see a certificate issued for your domain name: crt.sh | mail.tafoco.com.vn

2 Likes

I use MDaemon version 21.5. I followed instructions from Knowledge.mdaemon.com to get a free Let's Encrypt certificate. But I don't understand why there is an Issued by: mail.tafoco.com.vn

I followed instructions from knowledge.mdaemon.com to get a free certificate from Let's Encrypt.

Try pressing the Run Now button?

3 Likes

It looks like you didn't get one.

1 Like

I already installed the certificate but everything is still the same.

I got a free certificate from Let's Encrypt and am using it.

No, you're not. Let's Encrypt certificates are valid for just 90 days, so could never have an expiry date in 2026. It's the self-signed certificate you're seeing there, which indeed has the exact same expiration date: "Sep 14 03:59:57 2026 GMT".

2 Likes

I'm not sure about the expiration time of Let's Encrypt certificates. Creating a certificate from Let's Encrypt in MDaemon server is done by clicking Create certificate and then clicking Restart servers, as shown in the picture I just sent.

But we are, and they are only valid for 90 days. Therefore, any cert expiring in 2026 could not have come from Let's Encrypt. Either you didn't follow the instructions correctly, or issuance of the cert failed. The instructions tell you that:

There will be a LetsEncrypt.log file generated in the \MDaemon\Logs (default location) directory.

Have you checked that log file to see what happened?

5 Likes

When I return to the company I will try to create a new certificate and see how it expires.

Do I have to run the file letsencrypt.ps1 in powershell at MDaemon\LetsEncrypt before viewing the logs?

No idea; I've never even heard of the software you're using. But according to the instruction page linked up-topic, you shouldn't need to run anything at the shell; just click the Apply button.

4 Likes

Btw, do you know what handles lighttpd? Not sure if that's even on the same server: I don't think MDaemon can use http-01 when it's sitting no server: and its version is too old to be installed from MDaemon.

4 Likes

LetsEncrypt.log: An error occurred during the LetsEncrypt process. The error message is: Error: The challenge did not complete. Host Name: mail.tafoco.com.vn Error Code: 403 Error Type: urn:ietf:params:acme:error:unauthorized Error Detail: 115.78.231.73: Invalid response from http://mail.tafoco.com.vn/.well-known/acme-challenge/4UCEe8k9pg0u4f6IxbBaxeCL6piUkRhh_-MIaQ2VNeo: 404

It seems that the "create certificate" button for "MDaemon" creates a self-signed cert.

Without having read the instructions...
[I like (not) to do that sometimes]
I would "delete" that self-signed cert and use the options in "Let's Encrypt" ONLY.
[then if that doesn't work... I might try the instructions OR a search engine]

2 Likes
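
Added example, not part of any post in this thread and not MDaemon's or Let's Encrypt's code: a small parser for the LetsEncrypt.log failure quoted above, which pulls out the validated host, the IP that answered, and the HTTP status returned for the http-01 challenge URL. The function names, the regular expression and the wording of the explanation are assumptions made for this example; the log text is the entry posted in the thread.

```python
import re
from urllib.parse import urlparse

# Log text as posted in the thread (MDaemon LetsEncrypt.log).
SAMPLE = (
    "An error occurred during the LetsEncrypt process. The error message is: "
    "Error: The challenge did not complete. Host Name: mail.tafoco.com.vn "
    "Error Code: 403 Error Type: urn:ietf:params:acme:error:unauthorized "
    "Error Detail: 115.78.231.73: Invalid response from "
    "http://mail.tafoco.com.vn/.well-known/acme-challenge/"
    "4UCEe8k9pg0u4f6IxbBaxeCL6piUkRhh_-MIaQ2VNeo: 404"
)

# Field layout assumed from that one entry; other MDaemon versions may differ.
PATTERN = re.compile(
    r"Host Name:\s*(?P<host>\S+)\s+"
    r"Error Code:\s*(?P<code>\d+)\s+"
    r"Error Type:\s*urn:ietf:params:acme:error:(?P<kind>\w+)\s+"
    r"Error Detail:\s*(?P<ip>[0-9a-fA-F.:]+?):\s+Invalid response from\s+"
    r"(?P<url>\S+?):\s*(?P<status>\d{3})\b"
)


def parse_acme_failure(text):
    """Return the fields of a failed challenge as a dict, or None."""
    m = PATTERN.search(text)
    if not m:
        return None
    d = m.groupdict()
    url = urlparse(d["url"])
    d["token"] = url.path.rsplit("/", 1)[-1]
    d["is_http01"] = (url.scheme == "http" and
                      url.path.startswith("/.well-known/acme-challenge/"))
    return d


def explain(d):
    """Turn the parsed fields into a one-line reading for the operator."""
    if d is None:
        return "no ACME challenge failure found in this text"
    if d["is_http01"] and d["status"] == "404":
        return (f"{d['ip']} answered the http-01 request for {d['host']} on "
                f"port 80 with 404: the web server there is not serving token "
                f"{d['token'][:8]}...; check which service owns port 80.")
    return f"{d['kind']} (code {d['code']}) for {d['host']}, HTTP {d['status']}"


if __name__ == "__main__":
    print(explain(parse_acme_failure(SAMPLE)))
```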
