Webmail by servermx.com


#1

Hello @JuergenAuer

How does one add SSL for my webmail provided by servermx.com. Namesilo is my registrar. I use the account/website only for email and nothing else --so I only updated the DNS MX etc records in namesilo to point to servermx.

Namesilo only provides link to Lets Encrypt https://www.namesilo.com/Support/Why-we-do-not-offer-SSL%2FTLS-certificates

Thank you very much for your assistance.


How to setup cert for webmail?
#2

Hi @kban,

I’ve splittet the post, so you have your own thread.

Checking https://www.servermx.com/ : That looks like an integrated solution.

If your MX records point to servermx.com, then that service may create a certificate.

If you use the webmail client

https://www.servermx.com/en/features.html

there is a certificate.


#3

Thank you so much for your response @JuergenAuer

I thought I had to install a certificate.

I have all the CNAME, MX and TXT settings as per their documentation.

host: roundcube..com
target: roundcube.servermx.com
ttl: 3600

host: squirrel..com
target: squirrel.servermx.com
ttl: 3600

host: webmail..com
target: roundcube.servermx.com
ttl: 3600

Similarly the MX and TXT settings map to theirs
MX: mx1.servermx.com
TXT: “v=spf1 a mx include:servermx.com ~all”

I can only access their email (roundcube, squirrel, webmail) via http and not https.

Thanks once again for your assistance.


#4

Ooops… seems like some characters got removed when I hit “Reply” button.

The hosts were
host: roundcube.mysitename.com
host: squirrel.mysitename.com
host: webmail.mysitename.com
all which mapped to corresponding servermx.com


#5

If you use CNAME, so you use their servers.

Is there an option to upload / install a certificate?

If not, it may be impossible.

The feature list ( https://www.servermx.com/en/features.html ) doesn’t say something about customer specific certificates.

So you should ask the support.


#6

Thank you for explaining this to me.

I asked them and they said they cannot install my certificate on their server. So it maybe I cannot use https?

You have been very helpful! Thanks.


#7

I seriously doubt that’s the case. Do they support what you’re doing? That is, masquerading as webmail.yourdomain.com? Or is it a workaround you’ve come up with? Because if they do, they should have a way of dealing with the certs and related configuration.


#8

Thanks @danb35.

I have yet to hear from them with regards to using https with their servers.

I cannot use https for any of the links (not just webmail)
roundcube.mydomain.com
squirrel.mydomain.com
webmail.mydomain.com

I followed their documentation for roundcube and squirrel and simply mapped webmail to use roundcube.


#9

I just looked at their docs, and frankly their documented process is startlingly idiotic. They say to do exactly what you’ve done, but then note at the bottom of the page that “Web client with your domain name doesn’t match the SSL certificate.” So they’re telling you to do something that will generate certificate errors, knowing it will generate certificate errors.

You can still use https, but you’ll have to bypass the cert errors.


#10

Thanks @danb35.

I cannot use https --how can I bypass the cert errors?


#11

The best way is to simply avoid the issue entirely by going to roundcube.servermx.com (or squirrel., or whatever)–that way the server you’re requesting is the server that’s actually responding and that actually has the cert, and there’s no error at all. But if you insist on following their ill-conceived instructions (and it’s worth reiterating that their instructions are startlingly ill-conceived–they’re telling you to do something that directly violates the purpose of having server certificates), you’ll need to consult your web browser’s documentation on how to do this. With Firefox, it’d typically be clicking an Advanced link, then Add exception. Can’t help you with other browsers, though.


#12

Thanks a lot @danb35 !!

I did not think of accessing my email via https://roundcube.servermx.com.

I did add exception to FF to https://webmail.mydomain.com (I only use FF) but it shows a lock with yellow caution sign stating “connection is not secure” --and it was bothering me --so I thought of adding a Lets Encrypt cert --but if this is not possible --I will have to access their email server directly without going via my siteaddress.

@JuergenAuer and @danb35 --You guys are awesome and very helpful!!


#13

But that’s a different problem, that’s mixed content. Use my tool ( https://check-your-website.server-daten.de/ ) to check your domain, there is a part “Html-Content”.

That happens if you have images loaded via http, not https.


#14

I used your tool (I didnt know it was yours) days ago and the html-content shows all green.

But FF always shows the gray lock with yellow caution sign --irrespective if only text or text with image is displayed --I guess there is always some image on the page (mail icons etc)

With roundcube.servermx.com the FF lock is green (as expected).

So if the FF lock is gray with caution --the traffic is still secure with the https (so I can ignore the “connection is not secure” warning?) Sorry for such simple/trivial questions.


#15

I think they (servermx) did something after I reached out to them --in the very beginning …I could not access at all https://webmail.mydomain.com but at least I can now with “caution lock” symbol.


#16

No, it isn’t; it’s a certificate mismatch. For reasons known only to them, servermx.com thinks it’s a great idea to tell their customers to set CNAME records as @kban describes above, which is guaranteed to give cert errors (I don’t think it can be repeated too frequently, or too strongly, what a bad idea this is). Even if you add an exception, you’re going to see warnings.


#17

Then we should know the domain name.

If it is wrong configured (CNAME to another domain, but that other domain doesn’t have a correct certificate) and if this is the idea of the provider, then you should go away to another provider.


#18

Yep, it’s their idea:


#19

Thanks, that’s really bad.

We have the year 2019.


#20

Thanks a lot @JuergenAuer and @danb35 for all your assistance and explaintions.

They responded stating they do not install external SSL certificates.

So for the time being I will access their mail service directly via their site.

All the best!!