Certificate subject and host name mismatch

so I got some certificates made with the let’s encrypt integration and when I go and sign in to my email on my phone it gives me a warning about the certificate subject and host name not matching

When you sign in on your phone, what OS are you using and are you using the default mail app for the OS?

I’m using the gmail app to sign in on my android phone

What does this mean exactly? Did you take any other steps besides using the blue ‘Provision’ button in the admin area on the TLS/SSL page?

I’ve no personal experience with that app (I tend to avoid companies which market my personal information) but it sounds like perhaps an issue with the app, or how you configured it.

all I did was use the let’s encrypt integration until everything was done and then I logged in to my email
and this is what I get

What happens when you log in to Roundcube?

what’s roundcube? sorry if that seems like a stupid question if thats the webmail part I’m able to login to it just fine from the website

Then the issue is that you have potentially configured the Gmail app incorrectly, or the Gmail app sucks.

1 Like

I don’t see how I configured it incorrectly I logged into it like any other email I know when I log into my school email on my phone it doesn’t do the same thing as when I logged into my custom email

Does the Status checks page in the admin dashboard report any issues with the domain?

here’s everything that it says

Please see my post here for changing from password-based SSH login to key authentication.

You should go into your VPS dashboard and set the rDNS record to match your MiaB hostname (e.g., box.example.net).

You should go into your registrar admin panel and set your DS records.

MiaB states that the records are configured correctly, so there is some kind of problem with the app.

There should be somewhere in the app that will tell you the app’s settings for the IMAP server and the SMTP server. Verify they are correct as what is stated in the Instructions page of the MiaB admin dashboard.

Is the email address that you are logging in on the SAME domain as the MiaB server?

i.e. box.domain.tld ?

If not, the way that the gmail client works it will not properly log in.

I did it the default way which put the email at example.tk not box.example.tk

Right, and the Gmail client is logging in to box.example.tk to read email from the domain example.tk and this is what is causing your mismatch.

I’d suggest using a proper mobile email client. The gmail client is specifically for gmail. Although it does allow you to ‘log in’ to an email account via imap, it does not do this in an efficient manner as evidenced here.

I have logged in on a better email client than Gmail but it always does this

Let me see the settings screen of that email client please. You may PM if you do not want to post it publicly.

Without knowing what that email client is referring to as ‘all certificates’ makes this a bit impossible. I suspect it is the same situation. i.e. box.domain.tk.

Usually this means that the client is asking if it should verify the certificate is valid through a chain of trust, or just blindly connect to anything that presents a certificate.

You have likely experienced the same thing on a browser, where the browser warns you that there is a mismatch between the domain you want to view and the domain in the certificate.

For MiaB, you should require the client to verify the trust chain of the certificate so you know you are always connecting to the MiaB server.

it wants to do it like this

You’re using the wrong server. It should be box.fee-mail.tk.