We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Multiple domains, 'Cert Hostname DOES NOT VERIFY' according to TLS checker
-
- Posts: 25
- Joined: Wed Sep 09, 2015 7:19 pm
Multiple domains, 'Cert Hostname DOES NOT VERIFY' according to TLS checker
I own a server running 4 websites.
I understand there is an issue with exim4's SSL settings and multiple domains, so as other posts on the forum have suggested I've followed the instructions here (viewtopic.php?f=10&t=18861) to setup a site with renewing SSL certificate in VestaCP, the url of which is the one I was issued when I first purchased my server, nsxxxxxx.ip-xxx-xxx-xx.net (x represents a number), rather than any specific web domain I have since purchased and registered with vestacp.
In my email client, I refer to nsxxxxxx.ip-xxx-xxx-xx.net as my mail server for each of my accounts, that way the SSL certificate should be valid.
I have enabled SSL/TLS and emails appear to be received and delivered ok. It seems happy with the SSL certificate.
But when I try testing any of my email addresses with https://www.checktls.com/TestReceiver, I get an error.
If I use the address [email protected] (sitename.com being one of my sites), then I get the following error when it tries to validate the first certificate in my chain:
Cert Hostname DOES NOT VERIFY (mail.sitename.com != nsxxxxxx.ip-xxx-xxx-xx.net | DNS:nsxxxxxx.ip-xxx-xxx-xx.net)
I believe the reason this fails but my email client doesn't, is because I've specified the mail server in my email client and it trusts me, while this tool assumes my mail server from the email address or DNS records.
This is a problem.
On one of the sites I run a wordpress blog that uses a plugin called WP Mail SMTP, which also fails if I try sending any emails with SSL/TLS for the same reasons it appears...
Is there any way around this?
I understand there is an issue with exim4's SSL settings and multiple domains, so as other posts on the forum have suggested I've followed the instructions here (viewtopic.php?f=10&t=18861) to setup a site with renewing SSL certificate in VestaCP, the url of which is the one I was issued when I first purchased my server, nsxxxxxx.ip-xxx-xxx-xx.net (x represents a number), rather than any specific web domain I have since purchased and registered with vestacp.
In my email client, I refer to nsxxxxxx.ip-xxx-xxx-xx.net as my mail server for each of my accounts, that way the SSL certificate should be valid.
I have enabled SSL/TLS and emails appear to be received and delivered ok. It seems happy with the SSL certificate.
But when I try testing any of my email addresses with https://www.checktls.com/TestReceiver, I get an error.
If I use the address [email protected] (sitename.com being one of my sites), then I get the following error when it tries to validate the first certificate in my chain:
Cert Hostname DOES NOT VERIFY (mail.sitename.com != nsxxxxxx.ip-xxx-xxx-xx.net | DNS:nsxxxxxx.ip-xxx-xxx-xx.net)
I believe the reason this fails but my email client doesn't, is because I've specified the mail server in my email client and it trusts me, while this tool assumes my mail server from the email address or DNS records.
This is a problem.
On one of the sites I run a wordpress blog that uses a plugin called WP Mail SMTP, which also fails if I try sending any emails with SSL/TLS for the same reasons it appears...
Is there any way around this?