SSL for my mail server. Need Help


#1

I’m running an Apache web server and mail server both on the same IP. I used Let’s Encrypt for SSL certificates with mydomain.com and mail.mydomain.com, and yesterday when I viewed the cert through Google Chrome I’m fairly certain it had shown both names separately, but today it only shows mydomain.com and no longer shows the mail.

The reason I’m bringing that up is that today Thunderbird is complaining about my certificate not looking valid; yesterday, Thunderbird was completely happy.

The other thing that may have changed today is that this morning I asked my internet provider to set up a PTR on my static IP pointing to mail.myotherdomain.com (planning to host email with both domains eventually), but to my nslookup, that PTR isn’t there yet. I’m not sure if SSL even cares about reverse DNS?

My knowledge of SSL is fairly limited so I’m not sure what’s made Thunderbird unhappy. Hoping for any hints to track this down.

Could the reverse DNS record changing cause Thunderbird to complain about the certificate? If not, any other ideas? Should I re-run certbot and add mail.myotherdomain.com to my certificate request? The webmail site via Apache shows secure, so I’m not understanding why my email client is complaining.


#2

Hi @Jeff525, the certificate wouldn’t have covered mail.mydomain.com unless you explicitly asked for it.

All of Let’s Encrypt’s issued certificates are posted publicly, so you can search in

https://crt.sh/?Identity=%&iCAID=16418

and be sure of what certificate(s) you’ve ever had from our service. Then you can find out whether you accidentally issued two different certificates and unintentionally switched from using one to using the other. But if you find that you only have the one certificate and you’re planning to provide a service on the mail server, you can go ahead and get a certificate that covers that name too.


#3

I’m very impressed with the speedy answer and thanks for the assistance!

I just figured out my problem: it was just caused by me not paying attention when Mozilla Thunderbird auto-configured the account and tried to use smtp. instead of mail. for the outgoing server.
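
The mismatch described in this thread, as an added example that is not part of the original posts: a TLS client compares the hostname it was configured to connect to against the DNS names in the certificate, so a certificate that covers mail. fails for a client pointed at smtp. The SAN list and client hostnames below are constructed from the thread's placeholder domain, and `name_matches` and `uncovered` are hypothetical helper names.

```python
"""Check which client-configured hostnames a certificate's SAN list covers."""


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: case-insensitive, a wildcard is allowed only as
    the entire left-most label and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard ("*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(san_dns_names, configured_hosts):
    """Return the configured hostnames that no SAN entry matches."""
    return [h for h in configured_hosts
            if not any(name_matches(s, h) for s in san_dns_names)]


# Constructed sample data using the thread's placeholder domain.
SAN_DNS_NAMES = ["mydomain.com", "mail.mydomain.com"]
CLIENT_HOSTS = {
    "webmail (browser)": "mydomain.com",
    "IMAP (incoming)": "mail.mydomain.com",
    "SMTP (autoconfig guess)": "smtp.mydomain.com",
}

if __name__ == "__main__":
    bad = set(uncovered(SAN_DNS_NAMES, CLIENT_HOSTS.values()))
    for role, host in CLIENT_HOSTS.items():
        print(f"{'MISMATCH' if host in bad else 'ok':8}  {role:24} {host}")
```

Feeding it the SAN entries from the certificate actually served on each mail port, together with every server name set in the mail client's account settings, shows which name needs to be added to the certificate or corrected in the client.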

