SSL-Certificate Verification for hosted mail-server domain

Discussion in 'Installation/Configuration' started by decentris, Nov 4, 2019.

  1. decentris

    decentris Member HowtoForge Supporter

    Hi Till,
    first of all, I need to say that ISPconfig is an awesome tool and I like it very much. Everything works fine besides a small issue I am fighting with. Maybe you got a tip for me:

    I set up the webserver with a unique domain (let's use "" as an example for this) and generated a LetsEncryppt - SSL-Certificate for it and also one for the Server-Subdomain "", where ISPconfig is hosted.

    I now set up 2 domains in ISPconfig and also Email-Accounts for each domain. And I also generated a LetsEncrypt - SSL-Certificate for these domains, which is working fine, when calling the domain with the browser. And according DNS-Entries A and MX for "".

    Problem is, when I want to set up the email-account in, let's say, Outlook, and I enter the "" for IMAP and SMTP-Server when setting up an email, let's say "", I get the following SSL-Warning:

    "The server, which you are connected to, uses an SSL-Certificate, which cannot be verfied. The target-principal-name (Zielprinzipalname) is not correct. Do you want to use this certificate anyway?"

    When I enter the Server-Domain "", there is no warning. So it seems, mail-service always uses the SSL-Certificate of the serverdomain.

    How can I set up that the server uses the respective customer-domain ssl, when setting up email-service and dns-A-MX record for this customerdomain?

    Thanks for your valued help.


    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This is not recommended, your customers should use the server hostname which is a subdomain of your hosting company domain like mail.hostingcorp.tld and not a subdomain of their own domain, that's the wayall larger hosting companies do it. This has has been discussed many times in the forum why but there are also several threads that explain how to use the customer domain in case you really plan to have such a small system that this is feasible to add each customer domain manually to the central SSL cert of the mail system and remove it when a customer cancels its hosting.
  3. decentris

    decentris Member HowtoForge Supporter

    Hi Till, thanks for your fast reply.

    I already searched for such threads before writing mine and did not find a matching thread.

    Can you provide me a link to such a thread. This would be really helpful to me.

  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. decentris

    decentris Member HowtoForge Supporter

    Thank you very much, Till. Your support is really awesome, like your ISPconfig-System. :)

Share This Page