Let's Encrypt cert issue

Discussion in 'Installation/Configuration' started by Yel4144, Aug 5, 2024.

  1. Yel4144

    Yel4144 New Member

    I don't know what happened: suddenly no mails could be sent to my server. Mails were rejected by the sender with 'TLS Negotiation failed, the certificate doesn't match the host' starting 1st/2nd August.
    Checking the SMTP server on mxtoolbox showed everything works fine (incl. TLS).

    What I did last week was update ISPC to 3.2.12.p1, and I made a change to the Apache directive of the site 'ispc.server.com' to reach ISPC without 8080:
    Code:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://ispc.server.com/$1 [R,L]
    
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    ProxyPass / https://ispc.server.com:8080/
    ProxyPassReverse / https://ispc.server.com:8080/
    But soon after, users trying to send mails to my server received mail errors (TLS negotiation failed). I figured it must be because the cert for Postfix seems to be set for the temporary new hostname (newname.server.com, used for migration) --> If I opened "ispc.server.com:8080" I received an SSL error, because the cert is set to "newname.server.com". If I opened "ispc.server.com" everything worked fine.
    I've checked all files: /etc/hostname, /etc/mailname, /etc/hosts and /etc/postfix/main.cf --> the right server name is entered correctly as 'ispc' and 'ispc.server.com'.

    Checking acme.sh, "newname.server.com" has been updated Aug 1st; "ispc.server.com" has been updated July 4th (3 months after installing).
    /etc/postfix/main.cf has the correct name entered: ispc.server.com

    Where else do I have to check for the wrong name?

    I now ran "ispconfig.sh --force"
    Code:
    >> Update
    
    Operating System: Ubuntu 22.04.4 LTS (Jammy Jellyfish)
    
    This application will update ISPConfig 3 on your server.
    
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no
    
    Checking MariaDB version 10.6.18 .. OK
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.AAxiQLC1hv/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    
    Reconfigure Services? (yes,no,selected) [yes]:
    
    Configuring Postfix
    Configuring Dovecot
    Configuring Spamassassin
    Configuring Rspamd
    Configuring Getmail
    Configuring BIND
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring AppArmor
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:
    
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    Checking / creating certificate for ispc.server.com
    Using certificate path /root/.acme.sh/ispc.server.com
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file
    Using apache for certificate validation
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/ispc.server.com
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:
    
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:
    
    Reconfigure Crontab? (yes,no) [yes]:
    
    Updating Crontab
    Restarting services ...
    Update finished.
    
    --> This seems to have solved my problem, but I fear it's again only temporary.
    "acme.sh --list" shows nothing has been changed (all dates as before the force update), but checking /usr/local/ispconfig/interface/ssl the certs have been updated: ispserver.cert now shows 'ispc.server.com' (dated July 4th) instead of 'newname.server.com' (dated Aug 1st).

    How can I ensure this will be kept and where else do I have to check for the old name?
     
    Last edited: Aug 5, 2024
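The symptom in this post is a valid certificate issued for the wrong name, which a chain check will not catch. The following script (an added example, not code from the thread or from ISPConfig) does a STARTTLS handshake against the mail server, lists the DNS names in the certificate Postfix actually presents, and checks them against the expected hostname the way a sending MTA does; the hostname `ispc.server.com` and port 25 are placeholders taken from the post.

```python
"""Diagnose 'certificate doesn't match the host' on Postfix STARTTLS."""
import smtplib
import ssl


def names_from_cert(cert):
    """Collect the subject CN and all DNS SANs from an ssl.getpeercert() dict."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value)
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value)
    return names


def name_matches(hostname, names):
    """RFC 6125 style match: exact name, or a wildcard in the left-most label only."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in names):
        if name == host:
            return True
        # '*.server.com' covers 'ispc.server.com' but not 'a.b.server.com' or 'server.com'
        if name.startswith("*.") and "*" not in name[2:] and host.count(".") >= 2:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def smtp_cert_names(host, port=25, timeout=10):
    """STARTTLS to the MX and return the DNS names in the certificate it presents.

    The chain is still verified (a Let's Encrypt cert for the wrong name is a
    perfectly valid cert); only the hostname check is disabled so that a
    mismatched certificate can be inspected instead of aborting the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return names_from_cert(smtp.sock.getpeercert())


if __name__ == "__main__":
    expected = "ispc.server.com"  # placeholder: the MX name senders connect to
    names = smtp_cert_names(expected)
    print("certificate names:", sorted(names))
    print("OK" if name_matches(expected, names) else "MISMATCH: this is what senders reject")
```

If the reported names are the migration hostname rather than the MX name, the symlink under /usr/local/ispconfig/interface/ssl that Postfix's smtpd_tls_cert_file points at is the place to look, which is what the forced update corrected here.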
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I moved this to a new thread as its not related to the thread you added it to.
     
