Let's Encryipt enabled but I get error message on Outlook

Discussion in 'General' started by deividmen, Dec 11, 2019.

  1. deividmen

    deividmen Member

    Hello

    I have an Ubuntu 16.04 server with ISPConfig 3.1 and many websites installed. I also set up Postfix with an SMTP relay service for reliable email delivery (TurboSMTP).

    I have enabled SSL with Lets Encrypt using built-in ISPConfig 3.1 ability by following this tutorial:

    https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/

    It works with https websites hosted, but the email clients do not work, and I keep getting this error message on Outlook:

    The Server you are Connected to is Using a Security Certificate that Cannot be Verified

    Any ideas?
     
    Last edited: Jan 15, 2020
  2. fluidmindorg

    fluidmindorg New Member

    The first thing to check is what certificate Outlook is actually getting. When it tries to connect and gives you that error, does it give you the option to view the certificate that it's having a problem with? If so, copy the details of that cert and post them here so we can see what it's getting. (It sounds like it's not getting the correct cert.)
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Additionally, if you list your actual domain and server names here, others could do a quick check to see what is presented.

    Another possibility is that you need to configure your server to include the certificate chain files.
     
  4. Steini86

    Steini86 Active Member

    Have you restarted the (mail) server?
    Check certificate with:
    Code:
    openssl s_client -showcerts -connect mail.example.com:993
     
    fluidmindorg likes this.
  5. jnewman67

    jnewman67 Member HowtoForge Supporter

    ispconfig 3.2.5, CentOS 7 (I think)
    so i see no resolution to this issue, and having to migrate to a new (existing) server rather quickly today (UPS melted a power supply, which took out a drive :( ), I'd like to figure this out as well.
    I have a domain that's been on the server but never had an SSL cert assigned to it. when i connect to that site via HTTPS, i get a cert that seems to be assigned to the server in general (may be the self-signed cert ISPConfig creates during setup?). It shows "SomeCity, SomeState, SomeOrganization" etc.). It does show the name of my server, however (the server name, not the domain name - they are different).
    If i connect to that server via POP3S, i get one that is clearly self-signed, and has example.com listed as part of the details - no mention of my server name or the actual domain name.
    I've gone into the domain site and unchecked the "Lets Encrypt" box, saved that ,then rechecked it, saved that, then told it to create certificate - that all completes fine.
    But the website still doesn't come up with a valid cert, nor does email.
    Do i need to go back to ISPConfig_update.sh and have it regenerate a new SSL cert there, then do all the domains again?
    thank you.
     
  6. jnewman67

    jnewman67 Member HowtoForge Supporter

    no need to follow up on my issue - turns out I'm running CentOS 6, and that's probably causing some of my frustrations.
    I had a CentOS 8 server set up, but configuration issues after the initial install left it non-responsive, so I guess i'll get that set up and migrate to it later.
    Thank you.
     

Share This Page