Problems with using Apple Mail & Google Mail


#1

Hi!

I installed Let’s Encrypt via Plesk to encrypt my outgoing & incoming email traffic. The webmailer works fine but I wanna add my email accounts to the Apple Webmailer and onto my Android phone into the Gmail app.

They worked pretty fine (without SSL/TLS). But now whenever I wanna activate the SSL connection both programs answer that the certificate is not valid.

Can you help me out here? I’m not familiar with this whole certificate stuff at all… I tried to play around with the email ports but that doesn’t work.

Thanks!
Lucas :slight_smile:


#2

What is the fully qualified domain name?


#3

Sorry… sure

It’s
https://lynxdesign.de
Without the www


#4

openssl s_client -connect lynxdesign.de:443 -servername lynxdesign.de
does show your cert.

However,
openssl s_client -connect lynxdesign.de:143 -starttls imap
openssl s_client -connect lynxdesign.de:587 -starttls smtp
openssl s_client -connect lynxdesign.de:993
all show a cert for:
st-webhost-01.st-srv.eu
It is also an LE cert but doesn’t cover the name you are using to reach those services.

I suggest, try using the name on the cert (st-webhost-01.st-srv.eu) in your email apps - that should work.

But that may not work as expected either…
The two names don’t resolve to exactly the same IP(s).

Name: lynxdesign.de
Address: 213.202.239.131

Name: st-webhost-01.st-srv.eu
Addresses: 213.202.239.135
213.202.239.140
213.202.239.139
213.202.239.132
213.202.239.133
213.202.239.134
213.202.239.131
213.202.239.137
213.202.239.138
213.202.239.141
213.202.239.136
213.202.239.130


#5

Thanks! It solved the problem. I don’t get it: Why does the certificate work when I surf the domain lynxdesign.de via the browser and not when I try to reach it via email?


#6

Hi,

Because the binding certificate for this port is st-webhost-01.st-srv.eu… you can try contacting your hosting provider and ask them to bind your certificate to that port (w/ IP)


#7

Because https uses port 443 and is configured for shared hosting (using SNI).
While the email is NOT configured for shared hosting (email works completely differently to web services) and uses other ports; so it can’t show different server names to match all the different requested names.

Think about email, when people get their email from a shared ESP, they connect to the name of the provider not to their own domain name (unless they pay extra for individualized email hosting).
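
An added example, not part of any post in this thread: the per-port check from post #4 written in Python, comparing the name a mail client is configured with against the DNS names on the certificate each service presents. The `OBSERVED` table is constructed from what the thread reports (the exact subjectAltName lists are assumed), and `fetch_dns_names` is a hypothetical helper that needs network access to fill such a table from a live server.

```python
import imaplib
import smtplib
import socket
import ssl

def name_matches(pattern, hostname):
    """RFC 6125-style match: exact, or '*' as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one label, never the bare parent domain.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_covers(hostname, dns_names):
    return any(name_matches(n, hostname) for n in dns_names)

def fetch_dns_names(host, port, starttls=None):
    """Return the DNS subjectAltNames a live service presents (needs network).

    The chain is still verified; only the hostname check is switched off so
    a certificate issued for a different name can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    if starttls == "imap":            # port 143
        conn = imaplib.IMAP4(host, port)
        conn.starttls(ssl_context=ctx)
        sock = conn.sock
    elif starttls == "smtp":          # port 587
        conn = smtplib.SMTP(host, port, timeout=10)
        conn.starttls(context=ctx)
        sock = conn.sock
    else:                             # implicit TLS (443, 993); sends SNI
        raw = socket.create_connection((host, port), timeout=10)
        sock = ctx.wrap_socket(raw, server_hostname=host)
    names = [v for k, v in sock.getpeercert().get("subjectAltName", ()) if k == "DNS"]
    sock.close()
    return names

def report(client_name, observed):
    """Map each port to True if its certificate covers client_name."""
    return {port: cert_covers(client_name, names) for port, names in observed.items()}

# Constructed sample mirroring the thread; SAN lists are assumed, not captured.
OBSERVED = {443: ["lynxdesign.de"], 143: ["st-webhost-01.st-srv.eu"],
            587: ["st-webhost-01.st-srv.eu"], 993: ["st-webhost-01.st-srv.eu"]}

if __name__ == "__main__":
    for name in ("lynxdesign.de", "st-webhost-01.st-srv.eu"):
        print(name, report(name, OBSERVED))
```

A `False` for a port means a client configured with that name will reject the certificate there, which is the error the Apple and Gmail apps showed.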

