I am getting error about SSL ı have mail server in Aruba Cloud, when ı go to server.comnerds.com.tr is fine but if you go to mail.comnerds.com.tr you will see not secure error but ı have certificate as you can see, what should ı do please help me.
1 Like
The certificate is only valid for the hostname server.comnerds.com.tr. If you also want the mail subdomain to be secured, you should either expand the certificate to also include the hostname mail.server.comnerds.com.tr (preferred) or get a new certificate for mail.server.comnerds.com.tr (not preferred).
4 Likes
Could you help me about that where can ı find it and expand certificate to subdomain ?
Not without a lot more information. When you opened this thread in the #help section, you should have gotten a questionnaire. Maybe you didn't get it or maybe you've removed it, I don't know. But we need it either way:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
6 Likes
I am getting very diffucult situaiton, when ı tested with certbot it says cerificate is valid but when ı tested with openssl it says expired what should ı do ?
Command: certbot certificates
Command: openssl s_client -connect server.comnerds.com.tr:993
My Server IP : 217.61.105.227
Whatever service is on that port, it may need to be restarted to pickup the latest cert.
OR
It was hard-coded to use the cert that is now expired.
3 Likes
what should ı do can you suggest any thing
Currently I see the correct certificate send by your IMAP server (Dovecot). So I guess you've figured it out 
5 Likes
If you have an IMAP server process that needs to be restarted when a new certificate is obtained (which is a relatively common situation), you can add a --deploy-hook option in Certbot to give a command for Certbot to run to achieve this task (might be like service dovecot restart or something?).
5 Likes
Note that since version 2.3.0 Certbot has the reconfigure subcommand which can be used, among other things, to add a --deploy-hook to existing certificates without the requirement for forcing a renewal. See certbot help reconfigure or User Guide — Certbot 2.5.0 documentation for details.
7 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.