Let's Encrypt Certified Email Server

Discussion in 'Installation/Configuration' started by Emerson Amaro de araujo, Nov 3, 2022.

  1. Hello, good afternoon. I have an ISPConfig, everything is perfect so far. I did the perfect installation on Ubuntu Server 20.04. I'm very happy, a great tool.

    However, I need help with the email server. When the POP account is configured (I followed some manuals, created mail.dominio.com.br and made the pop and smtp aliases, all right) and I use Thunderbird to send the message, it returns the following error:
    ############################################
    ## thunderbird message
    failed to send message.
    Could not communicate securely with remote system: requested domain name does not match server certificate.
    The configuration related to mail.emerson.net.br needs to be corrected.

    This site tries to identify itself with invalid information.

    wrong website
    The certificate belongs to a different site, which could mean that someone is trying to impersonate this site.

    ########################################

    The only observation I found was the following: the organizational unit is not filled in the certificate. I believe that's it.

    Can anyone help me with this problem?

    Below are some screenshots I took:

    upload_2022-11-3_17-0-35.png
    upload_2022-11-3_17-2-22.png
     
  2. ahrasis Well-Known Member HowtoForge Supporter

    Almost definitely since mail.dominio.com.br is not mail.emerson.net.br.

    By the way, you don't need to use sslshopper to create LE SSL certs for the ISPConfig mail server FQDN, as there is a basic built-in feature that can be utilized, BUT you may need some manual approaches since you want it to be multi-domain, i.e. mail, pop and smtp altogether.

    I would suggest the DNS challenge with a wildcard if this server cannot be reached on port 80, but if it can, the easiest might be @Th0m's tutorial for that, which creates and uses websites (with the webroot param).

    Otherwise there is a basic built-in feature in ISPConfig server using a standalone param which can also create LE SSL certs but for the server fqdn only, so some unprescribed methods are needed to make it work for multi domains like what you want.

    Using ISPConfig built-in feature has the advantage of using available hooks especially in creating ispserver SSL (cert, key and pem) files that are used across most, if not all, services in that server.
     
  3. "Almost definitely since mail.dominio.com.br is not mail.emerson.net.br."

    It was just an example, but it is configured correctly as mail.emerson.net.br.

    At the moment I have only one server with everything installed, and yes, I will use several domains on this server. I really liked the tool; after understanding it, it works perfectly and is what I need.
    Even with the e-mail not being accepted at first, if I choose to accept the warning that complains that the certificate may not be from the company in question, the e-mail works perfectly.

    As I said, in the email I am using everything automatically, even without the need for a wildcard, because it is perfect as it is, working very well.

    Using automatic as it is, I noticed this in the certificate; is there some way for the information below to be filled?

    Common name (CN) mail.emerson.net.br
    O (Organization) <Not part of certificate>
    Organizational Unit (OU) <Not part of certificate>
    Common Name (CN) R3
    O (Organization) Let's Encrypt
    Organizational Unit (OU) <Not part of certificate>
     
  4. till Super Moderator Staff Member ISPConfig Developer

    The certificate is fine and these fields do not matter for email deliverability at all. They are not filled on any domain-validated cert as they are reserved for organization-validated certs, which are quite expensive and require some paperwork and only companies get them anyway.

    So you have a working mail system with a correct SSL cert for the hostname of your system which contains all details that it should contain. The OU fields, which must be empty for any domain-based cert as used typically for mail systems, are empty. So everything is perfect and as it should be.

    The Thunderbird error is caused by using the wrong server name in Thunderbird; it's not related to your server system or setup or SSL cert. Read the guide on how to configure Thunderbird correctly by using the right SMTP and POP3/IMAP server name (which is the hostname of your server, the name the SSL cert is issued for) to fix your issue:

    https://www.howtoforge.com/ispconfig-email-account/
     
    Last edited: Nov 4, 2022
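
The name check behind the Thunderbird error discussed above, as an added example that is not part of the thread: the client compares the server name it was configured with against the DNS names in the certificate, and the O/OU fields play no part. The certificate contents and the `example.com` names are constructed sample values, and the function names are hypothetical.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS names from a cert dict in ssl.SSLSocket.getpeercert() format."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' is only honoured as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and never a bare suffix like *.com
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def client_names_accepted(cert, configured_names):
    """Map each server name a mail client might be configured with to True/False."""
    sans = san_dns_names(cert)
    return {n: any(name_matches(s, n) for s in sans) for n in configured_names}

def fetch_cert(host, port=993):
    """Fetch the cert from an implicit-TLS port (993/995/465) with the hostname
    check disabled, so a cert issued for another name can still be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the chain is still verified (CERT_REQUIRED)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: a domain-validated cert issued only for the server hostname
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
}
# Constructed list of names a user might type into the mail client
CONFIGURED = ["mail.example.com", "pop.example.com", "smtp.example.com"]

if __name__ == "__main__":
    for name, ok in client_names_accepted(SAMPLE_CERT, CONFIGURED).items():
        print(f"{name}: {'ok' if ok else 'MISMATCH (client will warn)'}")
```

To check a live server, pass the dict returned by `fetch_cert()` to `client_names_accepted()` in place of the sample.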
  5. OK, I got your explanation.
    I tried to be a perfectionist, just paying attention to the details.

    Thank you very much for your quick reply. Now I have more knowledge to start installing Multiserver.

    Congratulations to you.
     
