SSL issue in Zimbra mail server

Zaffar · August 30, 2017, 1:08pm

HI i have install ssl on Zimbra ssl on mail.wam360.com its working fine but other are not like mail.bizweb360.com

mail.Bizweb360.com

I am getting issue in mails ssl “unable to verifiy ssl server mail.bizweb360.com”

Thanks

jared.m · August 30, 2017, 1:26pm

You need to request a certificate that covers all domain names that you might use to access this. You can add up to 100 names to a single certificate.

Zaffar · August 30, 2017, 1:55pm

Thanks for Reply

How can i do it for multiple domain, can you please guide me ?
and its on Zimbra mail server.

jared.m · August 30, 2017, 2:10pm

What client are you using to issue the certificate? Or, more generally, how did you issue this first certificate we’re seeing?

Zaffar · August 30, 2017, 2:12pm

Client OS Ubuntu 16.04 and issue I am getting issue in mails ssl “unable to verifiy ssl server mail.bizweb360.com” in my phone

Please chekc screenshot

jared.m · August 30, 2017, 2:17pm

That’s not what I meant… How did you have the certificate issued from Let’s Encrypt in the first place. Did you use Certbot? Some other command-line tool? A tool built into some web GUI?

Zaffar · August 30, 2017, 2:19pm

i use ./letsencrypt-auto certonly --standalone -d mail.wam360.com

command line access

jared.m · August 30, 2017, 2:21pm

Awesome! So this is easy, just add another -d flag with the second name, like so:

./letsencrypt-auto certonly --standalone -d mail.wam360.com -d mail.bizweb360.com

Zaffar · August 30, 2017, 2:22pm

But last time i did only for mail.wam360.com and not other . all are applied

and i will appy this so we need to add
mail.wam360.com again because its update last day.

jared.m · August 30, 2017, 2:25pm

That's the problem. Your mailserver is presenting a certificate that says "I am a valid certificate issued by Let's Encrypt for the domain mail.wam360.com". So, when you connect to mail.bizweb360.com, your client says "well, this certificate isn't valid for the domain I'm connecting to!" If you use both -d flags, you will get a certificate that says "I am a valid certificate issued by Let's Encrypt for the domains mail.wam360.com and mail.bizweb360.com", to which clients connecting to either domain will accept as valid.

You will need to apply the certificate generated with both names after you create it and use/renew this one going forward.

Zaffar · August 30, 2017, 2:37pm

Thanks for help in cert mail issue

system · September 29, 2017, 2:37pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.