Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
I host several mail domains and try to encrypt them all with the server’s FQDN ks307144.kimsufi.com
So I generated a certbot certificate for that FQDN and use the FQDN as the mail server in my MTA imap configurations.
I’ve tested an email firstname.lastname@example.org through https://www.checktls.com/TestReceiver and tried to read mail from different MTAs.
It produced this output:
|Cert Hostname DOES NOT VERIFY (mail.webologix.com != ks307144.kimsufi.com||DNS:ks307144.kimsufi.com)|
|So email is encrypted but the host is not verified|
I succeeded in getting mail from Thunderbird on a laptop running Kubuntu 19.10, where I can bypass the certificate, but on a mobile Android client I get “the server doesn’t support TLS.”
My web server is (include version):
Debian GNU/Linux 9 (stretch)
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Used ISPCONFIG but not anymore
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you’re using Certbot):
Are mail servers automatically deduced as mail.domain.tld?
In that case, is there no way to certify with the server’s FQDN?
How can I solve that?
I remember that in past years I used a global certificate including all domains and subdomains. But that is heavy and means remaking the certificate each time a new domain is created.
What solution do you recommend?
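
The name comparison behind the "DOES NOT VERIFY" line quoted in the post, as an added example that is not part of the original post and is not CheckTLS's code: a TLS client compares the name it connected to with the DNS names in the certificate. The function names, the simplified wildcard rule and the reading of the quoted output as "CN || SAN" are assumptions of this example.

```python
# Added example: the name check a TLS client applies to a mail server
# certificate. Hostnames are the ones quoted in the post; matching rules are
# simplified (exact match, or one left-most wildcard label).

def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name against the name the client dialed."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verify_hostname(dialed, common_name, san_dns):
    """True if the certificate is valid for the name the client connected to.

    SAN DNS entries, when present, are authoritative and the CN is ignored;
    the CN is only a fallback for certificates without any SAN DNS entry.
    """
    names = san_dns if san_dns else [common_name]
    return any(dns_name_matches(n, dialed) for n in names)


def report(dialed, common_name, san_dns):
    """One-line verdict for a dialed name against the certificate's names."""
    ok = verify_hostname(dialed, common_name, san_dns)
    verdict = "VERIFIES" if ok else "DOES NOT VERIFY"
    return f"{dialed}: cert hostname {verdict} (CN={common_name}, SAN={san_dns})"


# Certificate names as they appear in the output quoted in the post,
# read here as "CN || SAN list" (an assumption about that output format).
CERT_CN = "ks307144.kimsufi.com"
CERT_SAN = ["ks307144.kimsufi.com"]

if __name__ == "__main__":
    # The name the test dialed (from the post) versus the certificate's own name.
    for name in ("mail.webologix.com", "ks307144.kimsufi.com"):
        print(report(name, CERT_CN, CERT_SAN))
```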