Debian 13.5 ISPConfig Autoinstall Letsencrypt not working for mail domain

Discussion in 'Installation/Configuration' started by djh-compnet, Jun 22, 2026 at 6:25 PM.

Tags:
  1. djh-compnet

    djh-compnet New Member

    I have installed Debian 13.5 clean install of ISPConfig 3.3.1p on a Proxmox QEMU VM. I followed the perfect server guide with the auto-installation script. I have rebuilt the VM twice but I am unable to get Letsencrypt to work for a mail domain e.g mail.example.org. There are no indication of any logs that I can view to narrow down the issue. The mailsever worked well on a previous Ubuntu 22.04 installation with a fullchain certifcate eliminating further issues with Thunderbird. The current installation is cleanly installed without any modifications.
     
    djh-compnet, Jun 22, 2026 at 6:25 PM
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Mail domains do not have their own SSL cert as email accounts get accessed through the system hostname. I recommend reading our getting started guides, it's explained there:

    https://www.howtoforge.com/ispconfig-email-account/

    So there is most likely no issue here; you just entered the wrong name in your Mal client. To fix your issue, take care to always enter the system hostname as the SMTP and IMAP/POP3 server in your mail client as the system hostname is the name the SSL cert is issued for. you get the system hostname with the command:

    hostname -f

    on your system, in case you forgot to write down the hostname you assigned to your server.
     
    till, Jun 22, 2026 at 6:34 PM
    #2
  3. djh-compnet

    djh-compnet New Member

    I was using the recommended method to create a website and enable SSL/Letsencrypt without serving any web content on it. Enabling Letsencrypt does not work on the website and both SSL boxes end up being unticked This works on another machine and on the previous install on this machine.
     
    djh-compnet, Jun 22, 2026 at 6:38 PM
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so your claim that just using the auto-installer and your system is not working was wrong, especially the claim that you did not do any modifications. The manual SSL setup you applied is not recommended and was not done by the auto-installer.

    Please read the matching guide and checklist:

    https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

    The most likely reasons are that the domain or a subdomain is not pointing to the server, or you blocked access to it on your server, so skip Let's Encrypt check must be enabled.
     
    till, Jun 22, 2026 at 6:49 PM
    #4
  5. djh-compnet

    djh-compnet New Member

    When your server is behind a NAT router or a firewall so that the server itself can not reach the hosted domains, then enable the option "Skip Letsencrypt check" under System -> Server config -> server1.example.com -> Web.

    This has helped getting me somewhere. Thanks for reaching out. I could have saved you the time if that page had come up in my searches.
     
    djh-compnet, Jun 22, 2026 at 7:47 PM
    #5

Share This Page