Old Certificate Problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: orchardmusic.com

I ran this command: n/a

It produced this output: n/a

My web server is (include version): Nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is: Home Server

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 2.021

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot not installed currently

I will try and be as succinct as I can: Ubuntu Server originally installed with hostname 'orchardserver' and in the process of trying to get it working as a mail server (alongside being a web server for a Wordpress site) I must have gotten a certificate for it as 'orchardserver'.
Now several iterations later I have succeeded - Postfix all good, receiving and sending mail, no rejections from gmail etc either - Dovecot up and talking to Postfix (maildir for both) - the problem I have is that now when I use a client (Thunderbird) to IMAP with the account it works fine as far as the Inbox is concerned but when I try and send mails from it I get:

  1. A security warning about a certificate (orchardserver) not matching - the hostname is now mail.orchardmusic.com not orchardserver but I don't know if that's actually the problem.
  2. An error message from Thunderbird if I send anyway
  3. An error message from the recipient refusing delivery.

I have screenshots of all the above which I will add below - I won't add anything else like config files etc as I don't know what's relevant. Basically I think I need to get rid of the old certificate but if I install certbot and ask it to delete it says it can't find anything - I am stuck.
The home server project is so close to finished, this is the last hurdle - I am a newbie 'server guy' but not without a little knowledge/brains, so hope someone can assist - thanks.

1 Like

None of your issues are Let's Encrypt related. You have obtained a certificate for mail.orchardmusic.com at least 4 times in the past week.

https://crt.sh/?q=mail.orchardmusic.com

You need to fix your postfix configuration so that it uses your Let's Encrypt certificate instead of a self-signed certificate to fix your first point. You neglected to answer the questions about how you obtained your certificates, so we can't suggest where you might find them.

Fixing number one fixes number two.

Number three is again postfix configuration, specifically relay policy. It has nothing to do with your certificate. You are going to need to engage a support community focused on the postfix package, or spend more time with the excellent postfix documentation.

If you can provide the missing details about how you obtained your certificates, someone here may have further suggestions.

Edited to correct "8 times" to "4 times". Thanks @rg305!

5 Likes
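
An added example, not part of the thread and not any poster's own commands: one way to check the first point, by reading which certificate Postfix is configured to present and testing it against the hostname mail clients connect to. The sample certificate and main.cf are constructed, and it is an assumption that the certificate path on this setup is set through Postfix's `smtpd_tls_cert_file` parameter.

```shell
#!/bin/sh
# Added example: is the certificate Postfix presents valid for the mail hostname?

# Value of smtpd_tls_cert_file in a main.cf-style file (last definition wins).
# On a live host, `postconf -h smtpd_tls_cert_file` prints the effective value.
configured_cert() {
    sed -n 's/^[[:space:]]*smtpd_tls_cert_file[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Succeeds when subject and issuer are identical, the usual sign of a
# self-signed certificate.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    issu=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
    [ "${subj#subject=}" = "${issu#issuer=}" ]
}

# Succeeds when the certificate is valid for the given hostname.
matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# One-line verdict for a main.cf and the hostname clients use.
diagnose() {
    cert=$(configured_cert "$1")
    [ -r "$cert" ] || { echo "unreadable:$cert"; return; }
    if matches_host "$cert" "$2"; then name=name-ok; else name=name-mismatch; fi
    if is_self_signed "$cert"; then trust=self-signed; else trust=not-self-signed; fi
    echo "$name,$trust"
}

# Constructed sample: a throwaway self-signed certificate for the old short
# hostname, plus a minimal main.cf pointing at it.
make_sample() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=orchardserver" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    printf 'myhostname = mail.orchardmusic.com\nsmtpd_tls_cert_file = %s\n' \
        "$dir/cert.pem" > "$dir/main.cf"
    echo "$dir"
}

d=$(make_sample)
diagnose "$d/main.cf" mail.orchardmusic.com   # name-mismatch,self-signed
rm -rf "$d"
```

On a real server, point `diagnose` at `/etc/postfix/main.cf` and the hostname configured in the mail client.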

And for the future:

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

And to assist with debugging, a great place to start is Let's Debug.

3 Likes

Thanks, that's given me lots to go on. Yes, I wish I could recall how I got that certificate, unfortunately I just can't recall, but at least I now have a better understanding.

Many thanks again, I still have a lot to learn.

Nigel.

3 Likes

I can relate. While I'm not the best at always following this advice, I encourage you to take notes next time. It helps me when I remember to do it.

6 Likes

Thanks for this - much appreciated - I obviously need to increase my understanding overall, I haven't joined all the dots yet - apologies - getting Ubuntu - Nginx - Wordpress up and working was the easy part...

3 Likes

So... just write reminders/sticky notes that remind you to write more notes/documentation.

Darn it... I've forgotten when to take my memory medication again!

Cheers from Miami :beers:
LOL

7 Likes
