Webmail certificate operations on IIS with Let's Encrypt

I am using Windows Server 2012 R2. Ver 6.2. I installed SSL on my server with wacs.exe. There is no problem, SSL works smoothly on the sites, but when I log in via https://webmail.sitename.com, it does not accept the SSL certificate. What should I do to combine https://webmail.sitename.com with SSL on my server?

you most likely have a certificate only for the sites fqdn.

Please:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

What kind of settings should I make to include webmail?

Not sure -- wacs documentation should tell you how to add a name to a certificate or get a separate certificate for the webmail subdomain -- but you should check if that's the case. You might have the right certificate but haven't installed it yet. We could know that if you'd told us your domain name.

2 Likes

https://www.control-metal.com/ no problem
https://webmail.control-metal.com/ - ssl problem

Your certificate is valid for www.control-metal.com and control-metal.com, but not for webmail.control-metal.com

It's up to you if you want to add the webmail subdomain to the current certificate, or getting a separate certificate for webmail.

Interestingly enough, the webmail subdomain was there until it disappeared in September: crt.sh | control-metal.com

Do you remember changing something then?

2 Likes

I don't use Plesk anymore. This is the only change. While using Plesk, I was using wildcard and also choosing webmail. I do it via wacs.exe, but unfortunately SSL does not work in webmail.

You might do better by using https://certifytheweb.com

Note: You might have to install .net 4.6.2 [if not already installed]
The .NET Framework 4.6.2 offline installer for Windows - Microsoft Support

2 Likes

What are the advantages of setup Net Framework?

@rg305 said that because it is a requirement of Certify The Web which he thought would be better for you (as do I).

See below

2 Likes

Hi,

I'm am the developer of Certify The Web. Our main app version currently uses .Net framework which is typically installed on all windows servers. Wacs (win-acme) instead uses the confusingly similar dotnet sdk (also called dotnet core) and is compiled as a single exe with the runtime included.

If wacs already mostly works I'd suggest you can get this working with that. You need to ask it to include all the subdomains you need, so for instance if you would use your certificate with example.com, www.example.com and webmail.example.com then you must specify all these names when requesting your certificate. See their "edit renewal" option: win-acme

To do the same in Certify The Web, install the app, select your IIS site, check the required domains/subdomains are included in your certificate request, then click Request Certificate. The certificate will be ordered and the matching IIS bindings updated. However you should generally stick to using one tool per server for cert renewals otherwise you can get overlaps and it can get confusing.

In all cases, developers can only really support the versions of Windows that Microsoft also support, and Server 2012 passed it's end of life in Oct 2023, so you should considered moving your apps to a modern version of Windows.

4 Likes

I add from bindings > webmail.control-metal.com but settings conflict. Is there any way to add webmail.control-metal.com for SSL

May i try free for 2 or 3 domain your serve

Yes, Certify The Web community edition is free for up to 5 managed certificates and each certificate can cover up to 100 domains or wildcards (depending on the CA chosen, the default being Let's Encrypt). The majority of our users are using the free version.

2 Likes

Thanks for informations

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.