I can’t get my e-mail to work with LetsEncrypt.
My OS is Ubuntu 18.04
When I installed VestaCP, I installed Exim4 and Dovecot for e-mail.
(Below I am using fictitious names to illustrate my points.)
Based on a tutorial I found (https://www.mysterydata.com/how-to-conf ... nd-ubuntu/), I:
installed using srv1.main_domain.com as the host.
edited this host to remove all aliases and checked the SSL and LetsEncrypt boxes.
Added the file vestassl to /etc/cron.daily/ The code in the file:
#!/bin/bash
cert_src="/home/admin/conf/web/ssl.srv1.main_domain.com.pem"
key_src="/home/admin/conf/web/ssl.srv1.main_domain.com.key"
cert_dst="/usr/local/vesta/ssl/certificate.crt"
key_dst="/usr/local/vesta/ssl/certificate.key"
# Only act when the installed certificate differs from the source
if ! cmp -s "$cert_dst" "$cert_src"
then
    # Copy Certificate
    cp "$cert_src" "$cert_dst"
    # Copy Keyfile
    cp "$key_src" "$key_dst"
    # Change ownership
    chown root:mail "$cert_dst"
    chown root:mail "$key_dst"
    # Restart Services
    service vesta restart &> /dev/null
    service exim4 restart &> /dev/null
    service dovecot restart &> /dev/null
fi
I then restarted vesta, exim4 and dovecot.
In Vesta, in Web I added the domain second_domain.com withOUT DNS support (I’m using Cloudflare) but with mail and SSL/LetsEncrypt support. When I check, there is certificate information in the appropriate fields in the Web edit section.
I added an e-mail account.
I use Thunderbird e-mail client. I set up this e-mail account using POP3, port 995 and SMTP, port 587.
I can send and receive e-mail, but I have to add security exceptions to do so.
When I click “Get Messages” or try to send an email, I get a window that tells me the site is trying to identify itself with invalid information and the certificate belongs to a different site.
This window has the option to view the certificate. When I look at it, the Common Name (CN) is srv1.main_domain.com, not mail.second_domain.com.
What do I need to do to get a certificate working in conjunction with mail.second_domain.com?
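A way to confirm the mismatch described in the post above, added here as an example and not part of the original thread: `cert_covers` checks whether a certificate is valid for the name the mail client connects to, and `fetch_mail_cert` saves the certificate a live mail service presents (it needs network access to that server). The hostnames are constructed stand-ins for the fictitious ones in the post, and the sample certificate is generated locally.

```shell
#!/bin/sh
# Added example (not from the thread): does a certificate cover the name the
# mail client connects to? Hostnames below are constructed stand-ins.

# Exit 0 if the PEM certificate in file $1 is valid for hostname $2.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Save the certificate a live mail service presents. $1=host $2=port $3=outfile,
# optional $4=STARTTLS protocol (smtp for port 587; omit for POP3S on 995).
fetch_mail_cert() {
    if [ -n "${4:-}" ]; then
        openssl s_client -connect "$1:$2" -servername "$1" -starttls "$4"
    else
        openssl s_client -connect "$1:$2" -servername "$1"
    fi </dev/null 2>/dev/null | openssl x509 -out "$3"
}

# Constructed sample: self-signed certificate issued only for the server
# hostname, like the one Thunderbird displayed in the original post.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=srv1.main-domain.example" \
        -addext "subjectAltName=DNS:srv1.main-domain.example" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Offline demo on the constructed certificate.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/cert.pem"
for name in srv1.main-domain.example mail.second-domain.example; do
    if cert_covers "$demo_dir/cert.pem" "$name"; then
        echo "$name: covered"
    else
        echo "$name: NOT covered (client will warn)"
    fi
done
rm -rf "$demo_dir"
```

Against a real server, run `fetch_mail_cert` once per service (port 995, and port 587 with `smtp` as the fourth argument) and pass each saved file to `cert_covers` with the server name configured in the mail client.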
Re: I can’t get my e-mail to work with LetsEncrypt.
Google translator:
The simplest way to get it is to have the name of the machine and the domain name be the same. That way you can use the certificate issued for "domain.tld" and "www.domain.tld", and it will also be renewed automatically. You do not need a certificate for "mail.domain.tld".
Example:
- Generate a certificate for the web "domain.tld" and its alias "www.domain.tld".
- Change the hostname and server name to "domain.tld".
- Use "domain.tld" in Thunderbird's SMTP and IMAP fields.
So that your mail is not considered spam, remember to point your "reverse DNS" record to "domain.tld" in the control panel of your VPS.
Re: I can’t get my e-mail to work with LetsEncrypt.
First, thanks for the hint about reverse DNS to prevent my emails being designated as spam.
Regarding the hostname (machine name) being the same as the domain name, that is inadequate. In my post, I only used one domain to keep the post from being any longer. But in actuality, I have multiple domains set up on this server, so even if I set one up with the same name as the hostname, I'll still have the problem with the other domains.
Re: I can’t get my e-mail to work with LetsEncrypt.
My VestaCP is for personal use and I only have a domain.
Then I think the only way to do it is to create an empty web "mail." subdomain for every domain, because Let's Encrypt needs web access to verify it.
This way, the hostname and reverse DNS can be different from the domain name.
Re: I can’t get my e-mail to work with LetsEncrypt.
I'm not sure if what I describe below is what you intended, but it didn't work. I still get the request to authorize an exception when I try to check mail in Thunderbird.
In Web I added the domain mail.second_domain.com WITHOUT SSL support and removed the www alias from the box that Vesta automatically adds.
I entered https://mail.second_domain.com in a browser and got the usual page about the requested page not being secure.
In Vesta, I edited the domain to add SSL support.
I again entered https://mail.second_domain.com in a browser and this time I got the default Vesta index.html page.
But when I tried to check email in Thunderbird, I still got the warning that it is unsecure and asking if I want to add an exception.
Re: I can’t get my e-mail to work with LetsEncrypt.
Are you using "mail.second_domain.com" in outgoing and incoming Thunderbird servers fields?
If it is so, I don't know what is happening.
Re: I can’t get my e-mail to work with LetsEncrypt.
Yes, I'm using mail.second_domain.com for both.
Re: I can’t get my e-mail to work with LetsEncrypt.
I have been playing a long time with my VPS and have found several problems and solutions. This is the right way to do it: How to setup a Let'sEncrypt hostname certificate for VestaCP, Exim, Dovecot...