ssl / mail / hostname / certificate trouble

[skurudo]

small mistake big impact
// I think that was also the problem of the first attempt of mine?!

Nope, it's just happen ;-)

[BBuchanan1013]

I know this is an older post but I have working instructions:

SpoilerShow

I copied / pasted information over from nginx

Make sure your SSL is working on the panel. I had to rename my domains crt to pem (this is in /usr/local/vesta/nginx/conf/nginx.conf):

Code: Select all

ssl_certificate      /usr/local/vesta/ssl/ssl.domain.tld.pem;
        ssl_certificate_key  /usr/local/vesta/ssl/ssl.domain.tld.key;

Then restart vesta:

Code: Select all

service vesta restart

if it fails to start, read what ssh is telling you, on CentOS 7 you can use:

Code: Select all

systemctl vesta.service -l

This will generally be a mismatch. Which happened to me a billion times til I figured out to rename my domain.tld.crt to ssl.domain.tld.pem and copy the key from /home/user/conf/web/ to /usr/local/vesta/ssl.domain.tld.key

Now with all that junk outta the way, time to work on the mail service.

In /etc/dovecot/conf.d/10-ssl.conf:

Code: Select all

ssl = yes
ssl_cert = </usr/local/vesta/ssl/ssl.domain.tld.pem
ssl_key = </usr/local/vesta/ssl/ssl.domain.tld.key

Restart dovecot: (note: this might take a moment, depending on the server, took me nearly 15-20 seconds)

Code: Select all

service dovecot restart

Now onto exim:
In /etc/exim/exim.conf find the lines that start with:tls_certificate

Code: Select all

tls_certificate = /usr/local/vesta/ssl/ssl.domain.tld.pem
tls_privatekey = /usr/local/vesta/ssl/ssl.domain.tld.key

Restart exim:

Code: Select all

service exim restart

Now in your email client, you can run SSL\TLS. Pop 995 and SMTP 465.

[webass]

Hi,
I have just one domain which uses lets cert SSL ... it has its own webfolder and all.
And the SSL is attached in this webfolder at all.
Now, when sending email it doesnt save them in folder "sent" anymore.
But the email is sent correctly. when I just change the setting in thunderbird to SSL/TLS.
Curious

[webass]

I now saw, that I can use it normally on webmail , but I cannot set the mailbox up in thunderbird.
Then I took the SSL cert out again.

Now I still cannot set a mailbox up in thunderbird.
It doesnt accept any tried setting.

[mephivio]

is it working if you have several domains on the same vesta (1 certificate per domain ?) ?
thx

[krok]

Any update on this? i cant access using different mail clients, then i get greetings errors, tls errors.

[user_chris]

is it working if you have several domains on the same vesta (1 certificate per domain ?) ?
thx

Multiple certificates for the domains is not a problem.
Mails are sent via the hostname...

[user_chris]

Any update on this? i cant access using different mail clients, then i get greetings errors, tls errors.

With me everything works - last week the certificate renewed

[luckywonder]

how to modify the certificate to have mail rights

SSL_CTX_use_PrivateKey_file file=/home/admin/conf/web/ssl.******************.key): error:0200100D:system library:fopen:Permission denied

when updating my permissions to root:root, but I need to have privileges root:mail

[SPEC1AL1ST]

I have error: "SSL error: Leaf certificate is self-signed"
What i need to do?