I’m not having any issue with issuing and deploying a certificate for the service I host – my problem is related to consuming the service.
My server uses LetsEncrypt certificates for its main domain, dotforward.de. The certificate is used for the web server (HTTPS), the SMTP server and a number of other services. There is absolutely no problem when connecting securely to these services from client machines running Windows or Android.
But when my (ASP).NET Core application, running on that server, tries to connect to that SMTP server with MailKit, an open-source e-mail/SMTP library, I get the error: “The remote certificate is invalid according to the validation procedure.” Looking inside the certificate validation callback, the subject of the presented certificate is “CN=dotforward.de” (correct) and the detected error is RemoteCertificateChainErrors. Now this is fairly general and could mean all sorts of things; also, the documentation of that interface isn’t too comprehensive. But it seems that the certificate is the correct one and something’s wrong with the chain. I am connecting to the local SMTP server through its public DNS name, dotforward.de, not localhost, and also on the SSL port 465. So I expect things to work just as from a really remote client.
How can I verify that Ubuntu 16.04 has the proper LetsEncrypt certificates installed so it can actually validate the presented certificate? It seems to be included in Windows/Firefox and Android but maybe it’s missing on that Linux system?
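One way to narrow down what RemoteCertificateChainErrors means in the callback described above is to log the per-chain and per-element status while leaving the verdict unchanged. This is an added example, not code from the original post; the class and method names are hypothetical, and the host and port are the ones given in the post.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MailKit.Net.Smtp;
using MailKit.Security;

static class SmtpChainDiagnostics  // hypothetical name, for illustration
{
    // Logs why the chain failed, then returns the platform's own verdict unchanged.
    static bool LogAndValidate(object sender, X509Certificate certificate,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        Console.Error.WriteLine($"Policy errors: {errors}");
        Console.Error.WriteLine($"Leaf subject:  {certificate?.Subject}");

        if (chain != null)
        {
            // Chain-level status, e.g. PartialChain, UntrustedRoot, NotTimeValid.
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine($"Chain status: {status.Status}: {status.StatusInformation?.Trim()}");

            // Every certificate the platform managed to link, leaf first.
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.Error.WriteLine($"  Subject: {element.Certificate.Subject}");
                Console.Error.WriteLine($"  Issuer:  {element.Certificate.Issuer}");
                foreach (X509ChainStatus s in element.ChainElementStatus)
                    Console.Error.WriteLine($"    {s.Status}");
            }
        }
        return false; // keep rejecting; this callback only adds logging
    }

    static void Main()
    {
        using (var client = new SmtpClient())
        {
            client.ServerCertificateValidationCallback = LogAndValidate;
            // Host and port as given in the post: implicit TLS on 465.
            client.Connect("dotforward.de", 465, SecureSocketOptions.SslOnConnect);
            client.Disconnect(true);
        }
    }
}
```

A PartialChain status means an issuer could not be found in what the server sent plus the local store, while UntrustedRoot means the chain was built but ends in a root the local store does not trust.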