Email - certificate is not trusted because the issuer certificate is unknown

coffeemug · Feb 6, 2019

I am working with letsencrypt, which supposly is working.

When I was adding the new email account in my thunderbird, it came up with the message "certificate is not trusted because the issuer certificate is unknown"
It looks like an letsencrypt related issue. How can I fix it?
Yeah, I am able to add the key manually to the trusted in my local thunderbird, but I am pretty sure, that if I don't fix the problem, a lot of my mails will go straight to the recipients spam folder.

Code:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.1.13


##### VERSION CHECK #####

[INFO] php (cli) version is 7.0.33-0+deb9u1

##### PORT CHECK #####


##### MAIL SERVER CHECK #####


##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
    Apache 2 (PID 1259)
[INFO] I found the following mail server(s):
    Postfix (PID 1246)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 954)
[INFO] I found the following imap server(s):
    Dovecot (PID 954)
[INFO] I found the following ftp server(s):
    PureFTP (PID 1351)

##### LISTENING PORTS #####
(only        ()
Local        (Address)
[localhost]:10023        (751/postgrey)
[localhost]:10024        (1409/amavisd-new)
[localhost]:10025        (1246/master)
[localhost]:10026        (1409/amavisd-new)
[localhost]:10027        (1246/master)
[anywhere]:587        (1246/master)
[localhost]:11211        (860/memcached)
[anywhere]:110        (954/dovecot)
[anywhere]:143        (954/dovecot)
[anywhere]:465        (1246/master)
[anywhere]:21        (1351/pure-ftpd)
***.***.***.***:53        (862/named)
[localhost]:53        (862/named)
[anywhere]:22        (943/sshd)
[anywhere]:25        (1246/master)
[localhost]:953        (862/named)
[anywhere]:993        (954/dovecot)
[anywhere]:995        (954/dovecot)
*:*:*:*::*:10023        (751/postgrey)
*:*:*:*::*:10024        (1409/amavisd-new)
*:*:*:*::*:10026        (1409/amavisd-new)
*:*:*:*::*:3306        (1055/mysqld)
*:*:*:*::*:587        (1246/master)
[localhost]10        (954/dovecot)
[localhost]43        (954/dovecot)
*:*:*:*::*:80        (1259/apache2)
*:*:*:*::*:8080        (1259/apache2)
*:*:*:*::*:465        (1246/master)
*:*:*:*::*:8081        (1259/apache2)
*:*:*:*::*:21        (1351/pure-ftpd)
*:*:*:*::*:53        (862/named)
*:*:*:*::*:22        (943/sshd)
*:*:*:*::*:25        (1246/master)
*:*:*:*::*:953        (862/named)
*:*:*:*::*:443        (1259/apache2)
*:*:*:*::*:993        (954/dovecot)
*:*:*:*::*:995        (954/dovecot)




##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multi
port dports 25
f2b-dovecot  tcp  --  [anywhere]/0            [anywhere]/0            multiport
dports 110,995,143,993,587,465,4190
f2b-pure-ftpd  tcp  --  [anywhere]/0            [anywhere]/0            multipor
t dports 21
f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dp
orts 22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-dovecot (1 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0           

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0           

Chain f2b-pure-ftpd (1 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0           

Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
RETURN     all  --  [anywhere]/0            [anywhere]/0

till · Feb 6, 2019

coffeemug said: ↑

Yeah, I am able to add the key manually to the trusted in my local thunderbird, but I am pretty sure, that if I don't fix the problem, a lot of my mails will go straight to the recipients spam folder.
Click to expand...

The SSL cert of your mail server is not used as a parameter for spam/not spam scoring of emails, so don't worry.

This tutorial shows how to use let#s encrypt to secure your mail system:

https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

Please be aware that this cert is for the server hostname, so when you use the server hostname as mail server in your email client, then you will not get an SSL warning.

Log in or Sign up

Email - certificate is not trusted because the issuer certificate is unknown

coffeemug New Member

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Log in or Sign up

Email - certificate is not trusted because the issuer certificate is unknown

coffeemug New Member

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Useful Searches