Mail In A Box Does Not Renew SSL Certificate

Hi
My Mail In A Box SSL certificate expired and now I cannot access the box securely. I am still able to log in using SSH; however, I have tried to no avail to renew the SSL certificate. My setup is as follows:
Mail In A Box: (IP Address 1) box.[mydomain].com
Webserver (IP Address 2) www.[mydomain].com

After trying several different methods, the following worked in creating a valid certificate for my MIAB server:

sudo certbot certonly --standalone -d box.mydomain.com

When I run:
sudo certbot certificates, I see:


Found the following certs:
Certificate Name: box.[mydomain].com
Domains: box.[mydomain].com
Expiry Date: 2018-11-28 01:40:28+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/box.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/box.mydomain.com/privkey.pem


However, when I try to access https://box.[mydomain].com/admin , I still see the error message:

Your connection is not private

and I cannot access my MIAB installation.

How do I get my MIAB server to use the new valid certificate?

Thanks

Did you try the recommended method of running the proper script?

run the
sudo ./ssl_certificates.py
script from the mailinabox/management directory

What method did you try that created the certificate? It almost appears that you installed certbot as the location of the certificates is the default letsencrypt location whilst Mail-in-a-Box stores the certificates in /home/user-data/ssl/

You can disable HSTS in Firefox by following ‘Method 4’ in this article:

Doing so will allow you to access your admin page to go to the System>TLS (SSL) Certificates page.
However, the more important question that needs to be explored is why the certificate was not automatically renewed by MiaB.

Thank you for the pointers. I spent a fair amount of time trying to figure this out and here is what actually resolved the issue: Thank you for the clarification on where the certificates are installed. I did not know that, although I had observed several locations with the certificate files. I think the original issue is because the terms of service for letsencrypt had not been agreed to. At least that was the error message that kept coming up when I was manually running the script to renew certificates (at least I think).

Steps to resolve issue:

Log in to Console and log in using FileZilla

Backup /home/user-data/ssl contents (Use FileZilla)

Delete /home/user-data/ssl contents but not the folder (Use FileZilla)

DO NOT DELETE ssl_private_key.pem (for SSH secure access)

Stop Nginx

Run command
sudo service nginx stop

Upgrade the certificates
sudo certbot certonly --standalone -d box.[mydomain].com -d [mydomain].net -d [mydomain].info

(I have multiple domains resolving to the same root domain)

Start Nginx
sudo service nginx start

Rerun Mail In A Box command
sudo mailinabox

  • During the new run for mail in a box install, I was prompted to accept the terms of agreement for letsencrypt service

Log in to Mail In A Box Web Interface
Select TLS and Provision certificates (this worked in provisioning and creating new certificates)

Logout Mail In A Box

Restart system from Console

Log back in to Mail In A Box web interface and things were looking normal again with the new certificates

Reference website that was helpful in me figuring out the above steps:

~/mailinabox/management$ sudo ./ssl_certificates.py
Provisioning TLS certificates for
error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

Thanks, this solved my problem.
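
Added example (not part of the thread and not Mail-in-a-Box code): a diagnostic for the mismatch raised in the reply about certificate locations. It fingerprints the certificate the box actually serves on port 443 and reports which file under /home/user-data/ssl or /etc/letsencrypt/live holds that same certificate. The function names are hypothetical, the two directories are the ones named in the thread, and it assumes it is run as root on the box with the box's hostname as its only argument.

```python
import hashlib
import re
import socket
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM bundle, or None."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:  # a private key or CSR, not a certificate
        return None
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()


def served_fingerprint(host, port=443, timeout=5.0):
    """SHA-256 of the certificate the server presents on host:port."""
    ctx = ssl.create_default_context()
    # Verification off on purpose: the certificate inspected may be expired.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def files_matching(served_fp, pem_by_path):
    """Paths whose leaf certificate is the one actually being served."""
    return sorted(path for path, text in pem_by_path.items()
                  if leaf_fingerprint(text) == served_fp)


def read_candidates(patterns, root="/"):
    """Read every file matched by the glob patterns (relative to root)."""
    paths = [p for pat in patterns for p in Path(root).glob(pat) if p.is_file()]
    return {str(p): p.read_text(encoding="ascii", errors="ignore") for p in paths}


if __name__ == "__main__" and len(sys.argv) == 2:  # argument: box hostname
    pems = read_candidates(["home/user-data/ssl/**/*.pem",
                            "etc/letsencrypt/live/*/fullchain.pem"])
    served = served_fingerprint(sys.argv[1])
    print("served:", served)
    print("on disk:", files_matching(served, pems) or "no matching file")
```

If the only match is under /home/user-data/ssl while the certbot-issued file under /etc/letsencrypt/live does not match, the web server is still presenting the old certificate and the new one was never installed where Mail-in-a-Box looks for it.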