Hi Team, We migrated the mailbox from one server to another. I configured the MX record, SPF, and DKIM with no issue; however, we are getting an SSL mismatch. When I check with the SSL Checker (https://www.sslshopper.com/ssl-checker.html) it shows this: The SMTP certificate that is used is the certificate of the server web2.domain.com. What do I need to do so that the SMTP certificate matches mail.domain.com? Thank you
The test you did above does not test the SSL cert that is used for SMTP; as you can see in the test result, it tested the SSL cert for Apache, which is the web server and not the email system. Besides that, the SSL checker you used can easily lead to false errors even if used for SMTP, as it cannot know which domain must be in the cert. The SSL cert must match the hostname of the server, not the mail domain. You can get the hostname of the server with the command: hostname -f and that's the domain name that must be in the cert. In case you installed ISPConfig and selected to use a Let's Encrypt cert, then that's correct automatically, as ISPConfig creates the cert based on the system's hostname.
That is what I understand also; however, when I configure my email in Outlook and am about to sync, it shows this: and when I view the certificate it shows this: and in Gmail I got this error: Please let me know how I can fix this.
Your rDNS setting has to match your mailname (/etc/mailname) and the "myhostname" parameter in the postfix config file (/etc/postfix/main.cf). This should also be your ispconfig domain (for which ISPC gets its certificate). Additionally, your certificate needs to be valid for this domain and your mail client should connect to this domain. The used certificate is in /etc/postfix/smtpd.cert and /etc/postfix/smtpd.key. You can just create a symlink to the valid certificate of your mailname domain. However, this depends a bit on how you have created your certificate in the first place. Have you used the ispconfig 3.2 way to create an ispc certificate?
You can get a valid cert through the installer (do a force update with Code: ispconfig_update.sh --force) or issue it by following https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
In addition to what @Steini86 and @Th0m posted, you must use the right server name in your mail client, which is the server's hostname and not a subdomain of any mail domain you might be using.
It seems like you have a valid cert for web2.example.com (where example.com is your domain), so when connecting to that it should work already.
Are you using ISPConfig in multi server? You can ssh from another server and check your mail server: Code: openssl s_client -connect mail.example.com:443 Make sure the DNS section mentions your mail server domain. If it does not, you need to create the certificate on that mail server. Follow the instructions at https://certbot.eff.org/lets-encrypt/ubuntufocal-other. It's so simple that they don't provide a manual for this new edition of LE. Run this on your mail server, follow the instructions, and provide its domain. This uses the DNS challenge, so you must set your DNS accordingly. Code: sudo certbot certonly --standalone Next step: follow this thread https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ and follow the instructions in the "Changing ISPConfig 3 Control Panel (Port 8080)" and "for postfix" sections. Your SMTP is using the certificate you generated, so take note of where the certs are and link accordingly.
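Added example, not part of any post in this thread: a Python sketch that reads the certificate the SMTP service itself presents after STARTTLS (rather than the web server's certificate on port 443) and reports which client-side server names it covers. The function names, the sample certificate and the example.com hostnames are assumptions made for illustration.

```python
import smtplib
import ssl


def san_dns_names(peercert):
    """DNS names from a getpeercert() dict (subjectAltName only, as modern clients do)."""
    return [v.lower() for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(peercert, hostname):
    return any(name_matches(n, hostname) for n in san_dns_names(peercert))


def fetch_smtp_cert(host, port=25, timeout=10):
    """Return the certificate the SMTP service presents after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


def report(peercert, client_names):
    """Map each name a mail client might be configured with to True/False."""
    return {name: cert_covers(peercert, name) for name in client_names}


# Constructed sample in the shape getpeercert() returns: a cert issued for the
# server hostname only (example.com stands in for the real domain).
SAMPLE_CERT = {
    "subject": ((("commonName", "web2.example.com"),),),
    "subjectAltName": (("DNS", "web2.example.com"),),
}

if __name__ == "__main__":
    print(report(SAMPLE_CERT, ["web2.example.com", "mail.example.com"]))
    # Live check (needs network): report(fetch_smtp_cert("web2.example.com", 587), [...])
```

A name that maps to False is one a mail client will warn about if it is entered as the incoming or outgoing server.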