Hi,
By searching the forum I found this related topic, closed without a link to a FAQ:
These days I have moved my VPS to a new one and ... decided to try to configure the server to use a Let's Encrypt certificate... but if you know how VPS and dedicated servers work... to have valid SMTP or secure email, also for client email, you need a valid certificate.
I am using Comodo Positive SSL, which is good for web and also for email ... but is very expensive.
Why can't you at Let's Encrypt make a certificate like Comodo's Positive SSL that works for secure web and email?
Email security should also be considered. I am not in the web business, so for me paying for a server is just a stress... I cannot also spend a lot of money on a certificate. Now I have a solution, but in the future if the price goes up I will be unable to have my own mail.
Please consider ... implementing support for email... so that control panels for VPS and servers can also find a solution to let users use mail in a secure way easily.
A certificate for email is useful to be able to send email by SMTP from a web application, and also to receive and configure email in Thunderbird, for example ... without using a self-signed certificate... but I tried to configure Let's Encrypt for this too and it doesn't work. Only Comodo Positive SSL allows me to protect both the web side and the email side of the connection.
I hope Let's Encrypt can introduce support for this, because for anyone who has a private server this is a big and important issue: configuring email!
What kind of e-mail encryption certificate do you require exactly?
Because you can perfectly use a Let’s Encrypt certificate to secure an e-mail server, SMTP or IMAP/POP3.
Let’s Encrypt certificates can be used for encrypted TLS (formerly known as SSL) connections between the client and server, for sending and receiving. Clients can connect to e.g. smtp.example.com through port 25 and secure the connection with STARTTLS, where the SMTP server will present a Let’s Encrypt certificate for smtp.example.com. The client will verify this certificate and will establish a secure connection to the SMTP server.
The same goes for reading e-mails through IMAP or POP3. A mail client can connect to e.g. imap.example.com through port 143 and use STARTTLS to secure the connection. The IMAP server can provide a Let’s Encrypt certificate for imap.example.com, which is verified by the client and a secure connection is established.
So you see, Let’s Encrypt can perfectly be used for e-mail in the way described above.
What you can’t do with Let’s Encrypt, is verify and get a certificate for an email address. But you’d only need that for things like PGP/GPG and/or S/MIME. Not for regular e-mailing.
I have domain.ext; on the server I installed Let’s Encrypt to protect the website over HTTPS. I tried to configure Exim and Dovecot to use that certificate for email, not with STARTTLS but with SSL on ports 993 and 465 IMAP, and Let’s Encrypt seems not to be working. I can do that only with Comodo Positive SSL.
You simply are unable to use SMTP and client email. I tried this on two servers and I solved it by using a Positive SSL certificate, so the issue is with Let’s Encrypt.
OK, well, I was able to see Let’s Encrypt work with Thunderbird, but using an SMTP plugin for WordPress I was unable to send email.
I have configured PHP 5.6 or PHP 5.7 with the patch to the CA bundle… all the server settings that are working for Comodo's Positive SSL, so… PHP was set correctly … it was not working with Let’s Encrypt…
So you are right, sorry: Let’s Encrypt allows you to use Thunderbird, for example, but all my web applications were unable to send email by SMTP: WordPress, OsTicket, Live Helper Chat.
I just removed the Let’s Encrypt certificate, put in Comodo Positive SSL and everything works fine… so the issue seems to be in the PHP SMTP application.
PHP + Apache + SuPHP.
Shortly I will move to the new Apache with FastCGI; I am waiting for some bug in my panel to be fixed.
Perhaps the server using the Let’s Encrypt certificate wasn’t correctly configured, such as missing the intermediate certificate. That wouldn’t be anything directly caused by the Let’s Encrypt certificate itself, but caused by the server administrator not configuring the server correctly.
As I said before: Let’s Encrypt certificates are valid DV certificates, just like any other DV certificate and technically there is no reason at all for Let’s Encrypt certs not to work, while other CA’s did work, besides of course misconfigurations. (Or root store issues, but that’s rather unlikely.)
as requested several times can you paste the actual errors and the startup logs for your email applications
otherwise I suggest the thread gets closed as you are asking for help but not really providing the relevant information for people to assist
saying one thing works while another doesn't isn't a good troubleshooting strategy especially when dealing with others to help you
as a basic example:
"let's encrypt seems to be not working. I can do that only with Comodo Positive SSL."
have you actually compared the two certificates
is it possible that your letsencrypt certificate is issued from a staging domain
do you have a domain name for your Email so others can check
is it possible that the LetsEncrypt certificate has expired
for example a screenshot of a certificate below if you can provide that information about your certificate or the domain name we can check the status of the certificate
Well, I installed a new server and issued a new Let’s Encrypt certificate some days ago, so the certificate is not expired.
I was able to configure Thunderbird with no issue; the Let’s Encrypt certificate works, SO I set up Exim and Dovecot all correctly, BUT if I try to configure the mail to use SMTP in WordPress or in another web app, then it is not working: wrong certificate.
stream_socket_client(): Failed to enable crypto
Now I am missing the other part of the log, where certificate verification seems to fail. Sorry, I have no VPS available for testing. I am not a business and I worked a lot these days to set up my VPS.
The issue seems to occur if you are trying to use authenticated SMTP with Let’s Encrypt … again, in my case it is sufficient to remove the Let’s Encrypt certificate and put in the Comodo one and everything starts to work. The Let’s Encrypt certificate was issued at that moment and was for the domain.ext also used for the mail hostname.
ahaw021, I prefer that you do not join this discussion if this is your tone. Please… you can participate in other topics. Thanks.
I am just trying to make a feature support request. Maybe this is transforming into an issue… I am reporting something that seems not to be working with Let’s Encrypt.
Well, I am testing this in the Webuzo panel.
Maybe I will report to the Webuzo team to be sure there are no errors in... the installation process of Let's Encrypt, if you say that it should also work with PHP.
The issue seems to be related to PHP and Let's Encrypt.
In the php.ini I put the line
[openssl]
openssl.cafile= /etc/ssl/cert/domain.ext-cabundle.crt
Then when I configure SMTP I use domain.ext as the email host, and with Let's Encrypt it seems not to work.
So… is anyone using Let’s Encrypt for Exim and also to send authenticated SMTP email in PHP, for example WordPress or OsTicket?
It seems Let’s Encrypt works well in Thunderbird: no certificate errors are shown and I can send and receive email, but if I try to configure email to use Let’s Encrypt to send SMTP email from a PHP application like WordPress or OsTicket, it cannot send SMTP emails because the certificate is not recognized.
All is solved if I remove Let’s Encrypt and put in Comodo Positive SSL.
Is this an issue with Let’s Encrypt, or can it be an issue related to my panel, Webuzo?
I do not have a server to test. Maybe a solution could be to try a Let’s Encrypt certificate generated from an external site and not generated from Webuzo, to see if the issue still persists.
At the moment I will have trouble testing this again because I have already set up my server… maybe I will see if I can remove Comodo and reinstall Let’s Encrypt, then test again; if I can, I will post the results here.
I tried the command openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:587
and I can see only CONNECTED … I should test SSL and port 465, not STARTTLS and port 587, but if I replace -starttls with -ssl it is not a recognized command.
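
The two misconfigurations raised in this thread, a server that does not send its intermediate certificate and a client CA file (such as the one named by `openssl.cafile`) that holds only another CA's chain, reproduced offline as an added example that is not part of any post. The CA names, file names and the `chain_ok` helper are constructed for the illustration; `domain.ext` is the placeholder used in the thread.

```shell
#!/bin/sh
# Constructed throw-away CAs; none of these files is a real CA's certificate.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_key_csr NAME CN: fresh RSA key plus a certificate request for it
new_key_csr() {
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
}
# self_sign NAME: turn NAME's request into a self-signed root CA
self_sign() {
  openssl x509 -req -in "$d/$1.csr" -signkey "$d/$1.key" -days 2 \
    -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/$1.pem" 2>/dev/null
}
# issue NAME ISSUER [ca]: sign NAME's request with ISSUER; "ca" makes NAME a CA
issue() {
  ext=""
  [ "$3" = ca ] && ext="-extfile $d/ca.cnf -extensions v3_ca"
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" \
    -CAcreateserial -days 2 $ext -out "$d/$1.pem" 2>/dev/null
}
# chain_ok CAFILE LEAF [INTERMEDIATE]: CAFILE is what the client trusts,
# INTERMEDIATE is what the server sends along with its own certificate
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}
report() { if chain_ok "$@"; then echo "verify OK"; else echo "verify FAILED"; fi; }

new_key_csr rootA "Constructed Root A";       self_sign rootA
new_key_csr rootB "Constructed Root B";       self_sign rootB
new_key_csr int   "Constructed Intermediate"; issue int rootA ca
new_key_csr leaf  "domain.ext";               issue leaf int

echo "trusts root A, server sends intermediate: $(report "$d/rootA.pem" "$d/leaf.pem" "$d/int.pem")"
echo "trusts root A, intermediate not sent:     $(report "$d/rootA.pem" "$d/leaf.pem")"
echo "CA file holds only root B:                $(report "$d/rootB.pem" "$d/leaf.pem" "$d/int.pem")"
```

Against a live server the same comparison can be made with `openssl s_client -connect domain.ext:465 -CAfile <bundle>`, reading the "Verify return code" line. Implicit TLS on ports 465 and 993 takes no `-starttls` option, which is only for ports such as 587, 25 and 143.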