Autodiscover/Autoconfigure/Letsencrypt for secondary domains with A record outside


#1

Hi,

I have set up a mailbox 0.40 on Ubuntu 18 successfully, where the primary subdomain works fine.

I’m trying to add a second domain and am having trouble with autoconfigure/autodiscover for it. The second domain has WWW outside of mailinabox, plus the DNSes are not hosted with MIAB.

Thus, firstly:

As the domain’s main A record points to another server, I have no chance of generating Letsencrypt for the second domain’s subdomains (such as mail.seconddomain.com, pop.seconddomain.com, imap.seconddomain.com, autodiscover, autoconfig). MIAB complains:

"No certificate installed. The domain name does not resolve to this machine "

Can I somehow generate Letsencrypt certs for the subdomains needed for mail? (mail.seconddomain.com, pop.seconddomain.com, imap.seconddomain.com, autoconfigure, autodiscover).

Without these working, I can’t set up autoconfigure/autodiscover.

Thanks.

PS - this post was edited to make my question more detailed and clear.


#2

I’m going to be blunt. This is a really poor post. I understand that these are legitimate questions, but your grammar and organization are so horrible to the point we can’t understand what you’re saying.

Firstly, who is hosting your DNS server? Your registrar? Mail-in-a-Box?

Certificates and DNS records are two separate things. You can have one without the other, they do not technically depend on each other.

Maybe you are talking about the certificate not matching the domain and the web browser is complaining?


#3

Not everyone’s native language is English. People do the best that they can. If you cannot understand what a poster is saying or asking, either pass the topic or ask for clarification. Honestly, I understand the OP’s post perfectly.

OP is adding a second domain which has web hosting elsewhere and wants to know how to issue a LE cert for it. OP is also wanting to use a different hostname for the box’s SMTP and IMAP (and MX).


#4

No, there is no need. You can create an SSL cert for your domain on the server where it is hosted. See https://letsencrypt.org for more information. The mail server does NOT need it.


#5

This is really beyond the scope of MiaB. That said, you CAN use a CNAME record in DNS to point pop.seconddomain.com and imap.seconddomain.com to your hostname of your MiaB install. This would be an unsupported modification.

I also believe that you would have to have a certificate for those subdomains which could be accomplished by adding a user for each subdomain and then issuing a certificate in the admin area, after the CNAME records are set up. In theory. I have not attempted this but I am curious so I am going to try. But honestly, you should just stick with the hostname of the box. If you have a specific reasoning to use vanity hostnames, MiaB is most likely not the product for you.


#6

Thanks everyone - and sorry for the badly composed message - will try to keep it clear next time (was in a hurry :wink: )

Basically the trouble is maybe not even SSL related but rather autoconfig/autodiscover. So, here’s the setup:

Box hostname : mailbox.firstdomain.com (all good with this part so long :slight_smile: )

Now I’m adding seconddomain.com, which has external DNSes and a separate IP for WEB hosting.

Now when I run new account addition in Thunderbird, the INCOMING server actually should be either imap.seconddomain.com or mailbox.firstdomain.com or imap.firstdomain.com (well, something resolving to the MIAB server), but for some reason it grabs the plain seconddomain.com domain (which obviously resolves to another machine, the web hosting one, and shows “No encryption” - that’s why I thought the problem is SSL).

I guess this might be something related to autodiscover, but there’s no suggestion in the DNS part of MiaB for autodiscover. So maybe you can point me in the right direction; maybe I can somehow make a CNAME in the DNSes so autodiscover works and mail clients can get the config properly?

second

Thanks!
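Added example, not part of the original post: Thunderbird's account wizard first looks for a Mozilla autoconfig document (`config-v1.1.xml`) for the address's domain, and only falls back to guessing hostnames when it finds none. The Python sketch below audits such a document for servers that are unencrypted or not on the box; the sample XML, its ports and the function name `audit_autoconfig` are constructed for illustration and are not Mail-in-a-Box's own file.

```python
import xml.etree.ElementTree as ET

# The format's socketType values are "SSL", "STARTTLS" and "plain" (no TLS).
SECURE_SOCKET_TYPES = {"SSL", "STARTTLS"}

# Constructed sample in Mozilla's config-v1.1 format. Hostnames are the
# thread's placeholders; ports are assumptions. The outgoing server is
# deliberately misconfigured to show what the audit reports.
SAMPLE_CONFIG = """
<clientConfig version="1.1">
  <emailProvider id="seconddomain.com">
    <domain>seconddomain.com</domain>
    <incomingServer type="imap">
      <hostname>mailbox.firstdomain.com</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>seconddomain.com</hostname>
      <port>25</port>
      <socketType>plain</socketType>
      <authentication>password-cleartext</authentication>
      <username>%EMAILADDRESS%</username>
    </outgoingServer>
  </emailProvider>
</clientConfig>
"""


def audit_autoconfig(xml_text, box_hostname):
    """Return findings for servers that are unencrypted or not on the box."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    for server in root.iter():
        if server.tag not in ("incomingServer", "outgoingServer"):
            continue
        host = (server.findtext("hostname") or "").strip().lower()
        sock = (server.findtext("socketType") or "").strip()
        label = f"{server.tag}[{server.get('type')}]"
        if host != box_hostname.lower():
            findings.append(f"{label}: hostname {host!r} is not the box")
        if sock not in SECURE_SOCKET_TYPES:
            findings.append(f"{label}: socketType {sock!r} is not encrypted")
    return findings
```

Calling `audit_autoconfig(SAMPLE_CONFIG, "mailbox.firstdomain.com")` reports the two problems on the outgoing server; a document in which both servers name the box and use SSL or STARTTLS returns an empty list.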


#7

Use manual entry. Thunderbird is just guessing.

No, it should be mailbox.firstdomain.com. It is guessing seconddomain.com because the email account is at seconddomain.com. That is all that it is … a guess. Manually configure your email client!


#8

Well, I just found this thread: https://github.com/mail-in-a-box/mailinabox/pull/1467 which assumes exactly my problem was solved and merged to git, thus somehow this should have been working by now, but it doesn’t :frowning:

PS - Concerning “manual configuration” - why would I create a topic here then :slight_smile: I’m planning to have 50-60 users aged 40-60, and all of them would occasionally be pinging me with “we can’t set up mail”. So this is not the case :slight_smile:


#9

It is a pull request which has not yet been merged.

Hey, I am old school … don’t rely on newfangled stuff when you can read the instructions and type a few lines of info …

I can see where this would be nice and stuff … but it is not yet a part of MiaB.

Maybe you can add your thoughts to the pull request (hint, hint).


#10

Well, yes, I missed that it wasn’t merged indeed. And it SHOULD BE MERGED :slight_smile:

Basically the hints (I’m not sure if the devs will notice this, which would be good) are as follows:

  1. There definitely should be an option for generating Letsencrypt for autodiscover/autoconfig subdomains (whether they are on inner DNSes or not). Just check if it resolves to the mailbox machine, and if so - add it to Letsencrypt! (or add a checkbox for a manual try?). For now I solved this by adding emails on subdomains (as recommended by alento earlier)

  2. Thunderbird autoconfig was solved nicely with https://github.com/mail-in-a-box/mailinabox/pull/1467/commits/0e69c5e8fc3c6bce82d46e5928391022f42c22d9 . So this could also go into production, as obviously this won’t do any harm in any case.

With 1+2 my Thunderbird autoconfig is now working like a charm! :slight_smile:

However, Outlook is much worse - somehow when I try to access autodiscover.xml, I’m getting an auth window (no logins work to log in); when I cancel, I’m getting some error (see image below). I found it is z-push that makes this, however I’m not sure how to make this work. Any hints maybe?
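Added example, not part of the original thread and not Mail-in-a-Box code: the check suggested in hint 1, sorting the mail-related names of a secondary domain by whether they resolve to the box before a certificate is requested for them. It assumes HTTP-based domain validation; the addresses are documentation ranges, and `classify`, `system_resolve` and `sample_resolve` are hypothetical helper names.

```python
import socket

# Mail-related labels named in the thread.
MAIL_LABELS = ("mail", "imap", "pop", "autoconfig", "autodiscover")

# Constructed sample data: RFC 5737 documentation addresses, not real hosts.
BOX_IP = "192.0.2.10"      # assumed address of mailbox.firstdomain.com
WEB_IP = "198.51.100.20"   # assumed address of the external web host
SAMPLE_DNS = {
    "seconddomain.com": {WEB_IP},
    "mail.seconddomain.com": {BOX_IP},
    "imap.seconddomain.com": {BOX_IP},
    "autoconfig.seconddomain.com": {BOX_IP},
    "autodiscover.seconddomain.com": {BOX_IP, WEB_IP},
}


def system_resolve(name):
    """Addresses from the local resolver (which follows CNAMEs itself)."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def sample_resolve(name):
    """Offline stand-in for system_resolve, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, set())


def classify(domain, box_ips, resolve=system_resolve, labels=MAIL_LABELS):
    """Group candidate names by where they resolve.

    A name is eligible only if every address it resolves to is the box:
    a validation request may land on any listed address, so a name shared
    with another host is reported as 'elsewhere', not as eligible.
    """
    box_ips = set(box_ips)
    report = {"eligible": [], "elsewhere": [], "unresolved": []}
    for name in [domain] + [f"{label}.{domain}" for label in labels]:
        addrs = resolve(name)
        if not addrs:
            report["unresolved"].append(name)
        elif addrs <= box_ips:
            report["eligible"].append(name)
        else:
            report["elsewhere"].append(name)
    return report
```

Run `classify("seconddomain.com", {BOX_IP}, sample_resolve)` for the offline sample, or omit the resolver argument to query real DNS for your own domain and box address.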


closed #11

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.