new install, the mail server cert is giving the hostname instead of the alias mail.

Discussion in 'Installation/Configuration' started by Gerald ALLEN, Mar 1, 2026.

  1. Gerald ALLEN

    Gerald ALLEN New Member

    Greetings all, I seem to have forgotten how I did something many years ago.
    As requested in the "Please read before posting" thread, my system stats are:
    Ubuntu 24.04.4 LTS
    PHP CLI version 8.3.30
    NGINX
    and the output of cat htf_report.txt is at the bottom of this post.

    So, I have been using ISPConfig since version 2something. My old server was getting rather long in the tooth. I think it was created with the release of ISPConfig 3, and it has been through all the upgrade cycles to the current version, and OS release upgrades too.

    Anyway, I spun up a new server instance and did a fresh install of ISPConfig with the installer script, then bought the migration tool and migrated from old to new. It went pretty well. The old server had both certbot and acme on it because of age and upgrades, so I didn't migrate the certs; I just regenerated them on the new server. It was only about 20ish sites, so not a big deal.

    Everything works great except one thing: when a mail client connects to the server, it is receiving the wrong certificate. The server is handing out the cert for servername-example-com instead of alias-example-com.
    So, the mail client goes and looks for mail-mydomain-com then complains that the server isn't legit because the cert says servername-mydomain-com.
    I have set up an aliasdomain
    Domain: mail-mydomain-com
    Parent Website: server-mydomain-com :: server-mydomain-com
    Redirect Type: No redirect
    Redirect Path: https server-mydomain-com
    Auto-Subdomain None
    SEO Redirect: No redirect
    and left the Don't add unchecked and Active is checked.

    I have edited /etc/mailname to show mail-mydomain-com

    I checked the Let's Encrypt log in the dashboard and I can see mail-mydomain-com being created.

    What did I forget? I am sure it is something simple that is going to cause me to facepalm but I'm stuck.
    I even brought up the old server's dashboard next to the new server's dashboard and went link by link comparing the two. The old server does it correctly, and the new doesn't.

    Code:
    cat htf_report.txt
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 24.04.4 LTS
     
    [INFO] uptime:  12:02:43 up  2:53,  1 user,  load average: 0.01, 0.05, 0.02
     
    [INFO] memory:
                   total        used        free      shared  buff/cache   available
    Mem:           7.7Gi       2.9Gi       242Mi       192Mi       5.1Gi       4.8Gi
    Swap:             0B          0B          0B
     
    [INFO] systemd failed services status:
      UNIT LOAD ACTIVE SUB DESCRIPTION
    
    0 loaded units listed.
    
    [INFO] ISPConfig is installed.
    [WARN] /usr/local/ispconfig/server/lib/config.inc.php is missing.
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 8.3.30
    [INFO] php-cgi (used for cgi php in default vhost!) is version 8.3.30
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.
    
    ##### RUNNING SERVER PROCESSES #####
    
    [WARN] I could not determine which web server is running.
    [WARN] I could not determine which mail server is running.
    [WARN] I could not determine which pop3 server is running.
    [WARN] I could not determine which imap server is running.
    [WARN] I could not determine which ftp server is running.
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [localhost]:10023        (-)
    [anywhere]:443        (-)
    [anywhere]:465        (-)
    [anywhere]:143        (-)
    [localhost]:53        (-)
    [localhost]:53        (-)
    [localhost]:53        (-)
    [localhost]:53        (-)
    [anywhere]:25        (-)
    [anywhere]:22        (-)
    [anywhere]:21        (-)
    [anywhere]:4190        (-)
    [anywhere]:80        (-)
    [anywhere]:110        (-)
    [localhost]:783        (-)
    [anywhere]:995        (-)
    [anywhere]:993        (-)
    [localhost]:953        (-)
    [localhost]:953        (-)
    [localhost]:953        (-)
    [localhost]:953        (-)
    [anywhere]:587        (-)
    ***.***.***.***:53        (-)
    [localhost]:11334        (-)
    [localhost]:11333        (-)
    [localhost]:11332        (-)
    [anywhere]:3306        (-)
    [anywhere]:8081        (-)
    [anywhere]:8080        (-)
    ***.***.***.***:53        (-)
    ***.***.***.***:53        (-)
    ***.***.***.***:53        (-)
    ***.***.***.***:53        (-)
    [localhost]:6379        (-)
    ***.***.***.***:53        (-)
    [localhost]:11211        (-)
    *:*:*:*::*1:d3ff:feaf:9a:53        (-)
    *:*:*:*::*1:d3ff:feaf:9a:53        (-)
    *:*:*:*::*1:d3ff:feaf:9a:53        (-)
    *:*:*:*::*1:d3ff:feaf:9a:53        (-)
    *:*:*:*::*:443        (-)
    *:*:*:*::*:465        (-)
    *:*:*:*::*:11211        (-)
    [localhost]43        (-)
    *:*:*:*::*:25        (-)
    *:*:*:*::*:22        (-)
    *:*:*:*::*:21        (-)
    *:*:*:*::*:4190        (-)
    *:*:*:*::*:80        (-)
    [localhost]10        (-)
    *:*:*:*::*:995        (-)
    *:*:*:*::*:993        (-)
    *:*:*:*::*:6379        (-)
    *:*:*:*::*:587        (-)
    *:*:*:*::*:3306        (-)
    *:*:*:*::*:8081        (-)
    *:*:*:*::*:8080        (-)
    *:*:*:*::*:783        (-)
    *:*:*:*::*:953        (-)
    *:*:*:*::*:953        (-)
    *:*:*:*::*:953        (-)
    *:*:*:*::*:953        (-)
    *:*:*:*::*:53        (-)
    *:*:*:*::*:53        (-)
    *:*:*:*::*:53        (-)
    *:*:*:*::*:53        (-)
    
    
    
    
    ##### IPTABLES #####
    
    
    
    
    ##### LET'S ENCRYPT #####
    
    
     
  2. Gerald ALLEN

    Gerald ALLEN New Member

    Sorry, that was not as root. Here is the right output. I would edit the other one, but it won't let me.
    Code:
    cat htf_report.txt
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 24.04.4 LTS
     
    [INFO] uptime:  12:46:19 up  3:37,  1 user,  load average: 0.01, 0.08, 0.07
     
    [INFO] memory:
                   total        used        free      shared  buff/cache   available
    Mem:           7.7Gi       2.9Gi       166Mi       192Mi       5.1Gi       4.8Gi
    Swap:             0B          0B          0B
     
    [INFO] systemd failed services status:
      UNIT LOAD ACTIVE SUB DESCRIPTION
    
    0 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.3.1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 8.3.30
    [INFO] php-cgi (used for cgi php in default vhost!) is version 8.3.30
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Unknown process (nginx:) (PID 27934)
    [INFO] I found the following mail server(s):
        Postfix (PID 1679)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 662)
    [INFO] I found the following imap server(s):
        Dovecot (PID 662)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 1332)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [localhost]:10023        (705/postgrey)
    [anywhere]:443        (27934/nginx:)
    [anywhere]:465        (1679/master)
    [anywhere]:143        (662/dovecot)
    [localhost]:53        (670/named)
    [localhost]:53        (670/named)
    [localhost]:53        (670/named)
    [localhost]:53        (670/named)
    [anywhere]:25        (1679/master)
    [anywhere]:22        (1/init)
    [anywhere]:21        (1332/pure-ftpd)
    [anywhere]:4190        (662/dovecot)
    [anywhere]:80        (27934/nginx:)
    [anywhere]:110        (662/dovecot)
    [localhost]:783        (730/perl)
    [anywhere]:995        (662/dovecot)
    [anywhere]:993        (662/dovecot)
    [localhost]:953        (670/named)
    [localhost]:953        (670/named)
    [localhost]:953        (670/named)
    [localhost]:953        (670/named)
    [anywhere]:587        (1679/master)
    ***.***.***.***:53        (553/systemd-resolve)
    [localhost]:11334        (971/rspamd:)
    [localhost]:11333        (971/rspamd:)
    [localhost]:11332        (971/rspamd:)
    [anywhere]:3306        (1141/mariadbd)
    [anywhere]:8081        (27934/nginx:)
    [anywhere]:8080        (27934/nginx:)
    ***.***.***.***:53        (670/named)
    ***.***.***.***:53        (670/named)
    ***.***.***.***:53        (670/named)
    ***.***.***.***:53        (670/named)
    [localhost]:6379        (724/redis-server)
    ***.***.***.***:53        (553/systemd-resolve)
    [localhost]:11211        (669/memcached)
    *:*:*:*::*1:d3ff:feaf:9a:53        (670/named)
    *:*:*:*::*1:d3ff:feaf:9a:53        (670/named)
    *:*:*:*::*1:d3ff:feaf:9a:53        (670/named)
    *:*:*:*::*1:d3ff:feaf:9a:53        (670/named)
    *:*:*:*::*:443        (27934/nginx:)
    *:*:*:*::*:465        (1679/master)
    *:*:*:*::*:11211        (669/memcached)
    [localhost]43        (662/dovecot)
    *:*:*:*::*:25        (1679/master)
    *:*:*:*::*:22        (1/init)
    *:*:*:*::*:21        (1332/pure-ftpd)
    *:*:*:*::*:4190        (662/dovecot)
    *:*:*:*::*:80        (27934/nginx:)
    [localhost]10        (662/dovecot)
    *:*:*:*::*:995        (662/dovecot)
    *:*:*:*::*:993        (662/dovecot)
    *:*:*:*::*:6379        (724/redis-server)
    *:*:*:*::*:587        (1679/master)
    *:*:*:*::*:3306        (1141/mariadbd)
    *:*:*:*::*:8081        (27934/nginx:)
    *:*:*:*::*:8080        (27934/nginx:)
    *:*:*:*::*:783        (730/perl)
    *:*:*:*::*:953        (670/named)
    *:*:*:*::*:953        (670/named)
    *:*:*:*::*:953        (670/named)
    *:*:*:*::*:953        (670/named)
    *:*:*:*::*:53        (670/named)
    *:*:*:*::*:53        (670/named)
    *:*:*:*::*:53        (670/named)
    *:*:*:*::*:53        (670/named)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-input  0    --  [anywhere]/0            [anywhere]/0           
    ufw-before-input  0    --  [anywhere]/0            [anywhere]/0           
    ufw-after-input  0    --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-input  0    --  [anywhere]/0            [anywhere]/0           
    ufw-reject-input  0    --  [anywhere]/0            [anywhere]/0           
    ufw-track-input  0    --  [anywhere]/0            [anywhere]/0           
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-forward  0    --  [anywhere]/0            [anywhere]/0           
    ufw-before-forward  0    --  [anywhere]/0            [anywhere]/0           
    ufw-after-forward  0    --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-forward  0    --  [anywhere]/0            [anywhere]/0           
    ufw-reject-forward  0    --  [anywhere]/0            [anywhere]/0           
    ufw-track-forward  0    --  [anywhere]/0            [anywhere]/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-output  0    --  [anywhere]/0            [anywhere]/0           
    ufw-before-output  0    --  [anywhere]/0            [anywhere]/0           
    ufw-after-output  0    --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-output  0    --  [anywhere]/0            [anywhere]/0           
    ufw-reject-output  0    --  [anywhere]/0            [anywhere]/0           
    ufw-track-output  0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination         
    ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  6    --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  6    --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  17   --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination         
    LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination         
    LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination         
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0           
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  0    --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       0    --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     1    --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     17   --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  0    --  [anywhere]/0            [anywhere]/0           
    ACCEPT     17   --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     17   --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination         
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0           
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination         
    LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination         
    RETURN     0    --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination         
    RETURN     0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     0    --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination         
    DROP       0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination         
    DROP       0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination         
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination         
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     17   --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     6    --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     17   --  [anywhere]/0            [anywhere]/0            udp dpt:53
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination         
    LOG        0    --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     0    --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination         
    ACCEPT     0    --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination         
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
    
    
     
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    You may need to redo @Th0m's tutorial on setting up that mail alias on your new server, so its main server certs are extended to it again.
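
A way to confirm the mismatch described in this thread, and to verify the result once the server certificate has been extended to the mail alias (added example, not part of any post and not ISPConfig code): it connects to the TLS mail ports from the report, validates the chain, and compares the certificate's SAN entries with the name the mail client uses. The `example.test` names and the two sample certificate dictionaries are constructed placeholders.

```python
"""Check which DNS names the certificate on each mail port actually covers."""
import smtplib
import socket
import ssl

# Mail ports from the thread's listening-port list. True: the port starts as
# plain SMTP and upgrades with STARTTLS. False: TLS from the first byte.
MAIL_PORTS = {465: False, 587: True, 993: False, 995: False}

# Constructed sample data in the shape returned by SSLSocket.getpeercert().
SERVER_ONLY = {"subjectAltName": (("DNS", "server.example.test"),)}
EXTENDED = {"subjectAltName": (("DNS", "server.example.test"),
                               ("DNS", "mail.example.test"))}


def san_dns_names(cert):
    """Return the DNS entries of the subjectAltName extension, lower-cased."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, host):
    """Exact match, or '*' standing in for exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        _, _, parent = host.partition(".")
        return parent == pattern[2:]
    return False


def cert_covers(cert, host):
    return any(name_matches(name, host) for name in san_dns_names(cert))


def fetch_cert(host, port, starttls, timeout=10):
    """Fetch the peer certificate, sending `host` as SNI."""
    ctx = ssl.create_default_context()
    # Keep chain validation, but compare names ourselves so a mismatch is
    # reported with the SAN list instead of a bare handshake failure.
    ctx.check_hostname = False
    if starttls:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def audit(host, ports=MAIL_PORTS, fetch=fetch_cert):
    """Map each port to (name covered?, SAN names or error text)."""
    report = {}
    for port, starttls in ports.items():
        try:
            cert = fetch(host, port, starttls)
            report[port] = (cert_covers(cert, host), san_dns_names(cert))
        except (OSError, smtplib.SMTPException) as exc:
            report[port] = (False, [f"error: {exc}"])
    return report


if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "mail.example.test"
    for port, (ok, names) in audit(name).items():
        print(f"{port}: {'OK' if ok else 'MISMATCH'} {names}")
```

Run it with the name the mail clients are configured to use; a port reporting `MISMATCH` with only the server hostname in its SAN list is the condition described in the first post.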
     
  4. Gerald ALLEN

    Gerald ALLEN New Member

    Do you have a link for that? I can go searching, but if you have it handy...
    If not, I'll go digging when I get back home later.
    Thanks for the idea!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer
