Dovecot and Android Gmail App

Discussion in 'Installation/Configuration' started by Bob White, Sep 26, 2021.

  1. Bob White

    Bob White Member

    After updating to Ubuntu 20.04, everything works fine on the server. I can send and receive email via Roundcube. However, the other day, I noticed that the Gmail app on my Android phone wasn't able to read incoming mail from Dovecot, and it stopped working when I updated to 20.04. My server is configured to read incoming email from Gmail and Charter's email, and consolidate it on the server. Outgoing email is sent via Gmail, so it's not going through the server. The Gmail app on my phone is set up this way - read email from the server, send mail via Gmail.
    On my home router, I have port forwarding set up to forward port 993 to the server. When I try to configure the Gmail app, it doesn't like the certificate. I have it set to SSL/TLS (accept all certificates), but it displays what appears to be a self-signed certificate as it has my name in what's displayed on the phone. I've tried telling the app to accept the certificate anyway, but it just refuses and keeps displaying the certificate. and refuses to accept it, no matter what I do.
    I have a certificate for the server that Let's Encrypt updated on 8/15, and everything else seems to like that just fine. Is there something I need to do to point Dovecot to that certificate? When I look at at the Dovecot keys in /etc/dovecot/private, they were generated in January 2019. The Gmail app worked just fine before I updated the server on August 8, so something changed.
    I can get email on my phone if I point it to Roundcube via the Chrome browse, but that's awful hard to read on a phone.
    Any suggestions?
    Thanks,
    Bob
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Set up the certificate for the mailserver through
    Code:
    ispconfig_update.sh --force
    and let it recreate the certs.
    Or follow this guide: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
     
  3. Bob White

    Bob White Member

    I had done that already. I think the problem is that I don't own the domain name, so the lookup at LE fails and it falls back to a self-signed certificate. I did it again - and got the same circular response: certificate is isn't accepted, and tell it to use it anyway just starts the cycle over again.
    I use DynDns to have a DNS name - thecovey.homeip.net - and that certificate get generated okay. The ispconfig_update script checks with LE and uses the server name - fileserver.thecovey.net - and that fails, causing it to drop back to self-signed. I can point Dovecot to the LE certificate - I just don't know where to make the change.
    Thanks,
    Bob
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    So you have to create the correct DNS record(s) and follow the other guide I sent you.
     

Share This Page