Ispc3.2 Letsencrypt "The SSL certificate for this service cannot be trusted"

Discussion in 'General' started by sanyi, May 3, 2023.

  1. sanyi

    sanyi New Member

    Hello Everybody!
    I have a Linux Debian 11 server with ISPConfig 3.2 installed, with Nginx, Postfix and Dovecot. (Originally installed as Debian 9 with ISPConfig 3.1, step by step from the howtoforge site, then updated to Debian 10 and later Debian 11.)
    The Hungarian Cyber Defense Institute (NKI) monitors this site from time to time. They report this problem: "The SSL certificate for this service cannot be trusted. https://www.tenable.com/plugins/nessus/51192 ." The web, Postfix and Dovecot services use the same Let's Encrypt certificate for the same domain name.

    What is the problem, and what could be the solution?

    --
    Best regards
    sanyi
    PS: sorry for my poor English
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Are you sure those are the LE certs? Do check, because they may be the self-signed certs that are created when creating the LE certs for your server FQDN fails, and which are then extended to all other services on it.
     
  3. sanyi

    sanyi New Member

    Hello ahrasis!

    Sure LE certs.
     

  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    How do you use their services to test? We normally use SSL Labs to test ours and so far no security complaint when we are using valid LE certs. We normally get an A+ score as well.
     
  5. sanyi

    sanyi New Member

  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Well, then I am not so sure how valid the warning from the Hungarian Cyber Defense Institute that you posted is, since the warning in the link given is more about self-signed certs and broken chains, not LE certs, since LE certs have good chains. Your SSL Labs report seems fine to me so far.
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What exact service and certificate is NKI testing? It may be that a service on your host is using a self-signed certificate and not the one given by LE.
     
  8. sanyi

    sanyi New Member

    Hello

    The tested ports are 443, 143, 110, 587, 993 and 995 (TCP). All scanned ports show the same problem.
    All other ports are blocked in the firewall.
    The letsencrypt root is the /etc/letsencrypt/live/domain/ folder (the cert files in that folder are symlinked to the latest files in the /etc/letsencrypt/archive/ folder).
    The Postfix, Dovecot and Nginx keys and certs are symlinked to the files in the letsencrypt live folder.
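
One way to see what each scanned port actually presents, as an added example that is not part of the thread: the script connects to the ports listed above with `openssl s_client` (STARTTLS on 143, 110 and 587) and reports the verification result and issuer per port. The host name is passed as an argument; the function names and verdict labels are this example's own.

```bash
#!/usr/bin/env bash
# Added example: report which certificate chain each scanned port serves.
# Usage: bash check-ports.sh <hostname>   (script name is hypothetical)

PORTS="443 143 110 587 993 995"   # port list quoted in the thread

# Plaintext-first protocols need STARTTLS before the TLS handshake.
starttls_opt() {
  case "$1" in
    143) echo "-starttls imap" ;;
    110) echo "-starttls pop3" ;;
    587) echo "-starttls smtp" ;;
    *)   echo "" ;;               # 443, 993, 995 use implicit TLS
  esac
}

# Map the "Verify return code: N (...)" line of s_client output to a verdict.
classify_verify() {
  code=$(sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
  case "$code" in
    0)     echo "ok" ;;
    10)    echo "expired" ;;
    18)    echo "self-signed leaf" ;;
    19)    echo "self-signed CA in chain" ;;
    20|21) echo "incomplete chain" ;;   # usually: intermediate not sent
    "")    echo "no TLS handshake" ;;
    *)     echo "verify error $code" ;;
  esac
}

# Print: port, verdict, issuer of the leaf certificate that was served.
check_port() {
  host=$1; port=$2
  # starttls_opt output is intentionally unquoted so it splits into two args.
  out=$(openssl s_client -connect "$host:$port" -servername "$host" \
        $(starttls_opt "$port") </dev/null 2>/dev/null)
  issuer=$(printf '%s\n' "$out" | openssl x509 -noout -issuer 2>/dev/null)
  verdict=$(printf '%s\n' "$out" | classify_verify)
  printf '%s\t%s\t%s\n' "$port" "$verdict" "${issuer:-no certificate}"
}

# Only touch the network when a host name is given.
if [ "$#" -ge 1 ]; then
  for p in $PORTS; do check_port "$1" "$p"; done
fi
```

A port that reports anything other than `ok` identifies the service whose certificate settings need checking; the issuer column shows whether that service is serving the LE certificate at all.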
     