Re: TUTORIAL: How to install SSL certificate to Vesta, Exim and dovecot daemons
Posted: Tue Apr 02, 2019 7:15 am
Hello,
We already had Let's Encrypt set up via admin, but we have issues with another domain for which we host email services on the Vesta panel.
So, this is the situation:
We have mydomain2.fi on Linode IP xxx, and I can access the website. We are using a Vesta Control Panel on another IP address to provide only the email services for this domain. I can't get emails to arrive at [email protected], which is located on this other Linode server (IP yyy) under Vesta cpanel, but I can send from there and that arrives at the receiver. I get this error all the time: "EXPIRED: Certificate 1 of 1 in chain: Cert VALIDATION ERROR(S): self signed certificate; certificate has expired So email is encrypted but the recipient domain is not verified" (I can see this at https://www.checktls.com/TestReceiver).
When I check the certificate in the web browser, it is valid until June 2019. The IMAP / SMTP hostname in the Vesta control panel mail information is MYDOMAIN.com (it is not mail.MYDOMAIN.com). I can send emails from there, but not receive them. If I send an email from another email address, I get this error message after a few hours: <[email protected]>: host MYDOMAIN.com[ip address] said: 451 Temporary local problem - please try later (in reply to end of DATA command). I changed the DNS info again under the Domains tab in Linode admin. I still have the MX settings pointing to hostname MYDOMAIN.com, but in the A records I removed the hostname "mail" because Vesta cpanel is not using any subdomain "mail" in the settings. Should I have it or not? Instead I put MYDOMAIN.com as the hostname, pointing to the right IP address yyy. The problem is that I always have to wait for hours after each change, and nothing seems to help. I've been doing this for a couple of weeks now. I try to study by myself and not bother other people, but I could use some tips.
Using the service at https://www.checktls.com/TestReceiver, I get this among others (this is the only failing part):
Certificate 1 of 3 in chain: Cert VALIDATED: ok
Cert Hostname DOES NOT VERIFY (mail.MYDOMAIN.com != MYDOMAIN.com | DNS:MYDOMAIN.com | DNS:www.MYDOMAIN.com)
So email is encrypted but the host is not verified
cert not revoked by CRL
cert not revoked by OCSP
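The host name check that the CheckTLS report in the post above shows as failing, as an added example (not part of the original post, and not Vesta or CheckTLS code). The certificate dict is constructed from the SAN names in that report, the function names are hypothetical, and `live_check` needs network access to the MX host.

```python
import smtplib
import ssl

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output,
# using the SAN names shown in the CheckTLS report.
SAMPLE_CERT = {"subjectAltName": (("DNS", "MYDOMAIN.com"),
                                  ("DNS", "www.MYDOMAIN.com"))}

def san_dns_names(cert):
    """Return the DNS entries of the certificate's subjectAltName."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125 style match: case-insensitive, label by label;
    '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify_mx_name(mx_host, cert):
    """Return (ok, names): does any SAN DNS name cover the MX host name?"""
    names = san_dns_names(cert)
    return any(name_matches(n, mx_host) for n in names), names

def live_check(mx_host, port=25, timeout=10):
    """Needs network. STARTTLS to the MX with chain and host name
    verification on; returns None on success, else the verifier's message."""
    ctx = ssl.create_default_context()
    try:
        with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
        return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

if __name__ == "__main__":
    for host in ("mail.MYDOMAIN.com", "MYDOMAIN.com"):
        ok, names = verify_mx_name(host, SAMPLE_CERT)
        print(host, "verifies" if ok else "DOES NOT VERIFY", "against", names)
```

The name a sending server verifies is the one it connected to, so the MX target and the certificate's SAN list have to agree.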