Error on SSL certificate for domain email address
Error on SSL certificate for domain email address
Hi there,
I am having issues regarding an SSL certificate for my email based on a domain name, which has an SSL certificate. However, every time I try to use it with MS Outlook it give me an error which looks like this:
https://1drv.ms/i/s!Aj7sEIXOv9spgtNEQsIUAaGy-Gg5Vg
I've created the SSL certificate for xxxxxxxxcars.co.uk through my VestaCP picking Let's Ecrypt support.
So, I tried solving this in the following ways:
I've logged in to my VestaCP and clicked on the Mail tab, then I've picked the relevant domain and chose the email address let's say [email protected].
I went to edit and from the table on the right I've tried to change it from 'Use server hostname' to 'Use domain hostname' (because the certificate was released onto the domain).
But this does not work as it keeps changing back to 'Use server hostname'. Here it's how it looks:
https://1drv.ms/i/s!Aj7sEIXOv9spgtNHc4wKTkYjGNaVpg
https://1drv.ms/i/s!Aj7sEIXOv9spgtNGYl3Z5VwA22Wnhw
Another way that I've tried was to go to Web tab and add a domain where I've put the domain name as my VPS server let's say vpsxxxxxx.ovh.net (this is the server related to the domain and the email). While adding this I wanted to add an SSL certificate for the server but this gave me another error:
https://1drv.ms/i/s!Aj7sEIXOv9spgtNFStk_b-A4Lzvi7g
I don't understand why all of this happens but I am sure that there is a solution for this. Please share your knowledge, any information will be appreciated.
Thanks!
I am having issues regarding an SSL certificate for my email based on a domain name, which has an SSL certificate. However, every time I try to use it with MS Outlook it give me an error which looks like this:
https://1drv.ms/i/s!Aj7sEIXOv9spgtNEQsIUAaGy-Gg5Vg
I've created the SSL certificate for xxxxxxxxcars.co.uk through my VestaCP picking Let's Ecrypt support.
So, I tried solving this in the following ways:
I've logged in to my VestaCP and clicked on the Mail tab, then I've picked the relevant domain and chose the email address let's say [email protected].
I went to edit and from the table on the right I've tried to change it from 'Use server hostname' to 'Use domain hostname' (because the certificate was released onto the domain).
But this does not work as it keeps changing back to 'Use server hostname'. Here it's how it looks:
https://1drv.ms/i/s!Aj7sEIXOv9spgtNHc4wKTkYjGNaVpg
https://1drv.ms/i/s!Aj7sEIXOv9spgtNGYl3Z5VwA22Wnhw
Another way that I've tried was to go to Web tab and add a domain where I've put the domain name as my VPS server let's say vpsxxxxxx.ovh.net (this is the server related to the domain and the email). While adding this I wanted to add an SSL certificate for the server but this gave me another error:
https://1drv.ms/i/s!Aj7sEIXOv9spgtNFStk_b-A4Lzvi7g
I don't understand why all of this happens but I am sure that there is a solution for this. Please share your knowledge, any information will be appreciated.
Thanks!
Re: Error on SSL certificate for domain email address
Anyone? Please...
-
sacredwebsite
- Posts: 29
- Joined: Sun Dec 13, 2015 6:18 pm
Re: Error on SSL certificate for domain email address
Vesta currently does not pass the web domain SSL cert to the email level, this means that only your server hostname can be used without showing the certificate warning. I am not sure if this is quite possible as I have not yet myself studied how this can be implemented, I just know its expected right now, so if you use the domain to connect to, you have to either not use encryption, ignore the cert warning, or use the server name as the domain name.
However, in order for the server name to not trigger a warning, the cert itself there must be valid (not be self signed), and also the proper configuration must be made for the mail server to use it.
The best way to configure your server correctly to use the hostname and not get an error is by executing the following command on your server as root:
v-update-host-certificate [USER] [HOSTNAME]
USER is the user that has the web domain that you are pulling the cert from (most often admin as the server hostname is added to it by default), and HOSTNAME is your server hostname as listed in the web section and best to be matching your server hostname in the server configuration or you will have a cert error
If the hostname cert is being generated by Let's Encrypt, You can probably add this command to your admin user CRON so that you do not have to remember to run it when the cert expires every 3 months.
sudo /usr/local/vesta/bin/v-update-host-certificate [USER] [HOSTNAME]
Its up to you to decide how often it runs, I would set it to run once a month.
remember to replace [USER] [HOSTNAME] with your user and hostname (without the brackets [])
This was added recently, as of this pull request, you can read more details here:
https://github.com/serghey-rodin/vesta/pull/1317
This is the script if you want to look at it:
https://github.com/serghey-rodin/vesta/ ... ertificate
However, in order for the server name to not trigger a warning, the cert itself there must be valid (not be self signed), and also the proper configuration must be made for the mail server to use it.
The best way to configure your server correctly to use the hostname and not get an error is by executing the following command on your server as root:
v-update-host-certificate [USER] [HOSTNAME]
USER is the user that has the web domain that you are pulling the cert from (most often admin as the server hostname is added to it by default), and HOSTNAME is your server hostname as listed in the web section and best to be matching your server hostname in the server configuration or you will have a cert error
If the hostname cert is being generated by Let's Encrypt, You can probably add this command to your admin user CRON so that you do not have to remember to run it when the cert expires every 3 months.
sudo /usr/local/vesta/bin/v-update-host-certificate [USER] [HOSTNAME]
Its up to you to decide how often it runs, I would set it to run once a month.
remember to replace [USER] [HOSTNAME] with your user and hostname (without the brackets [])
This was added recently, as of this pull request, you can read more details here:
https://github.com/serghey-rodin/vesta/pull/1317
This is the script if you want to look at it:
https://github.com/serghey-rodin/vesta/ ... ertificate