Solved: Where are TLS certificates stored?


#1

I migrated from an old server to a new server. My example.com is stored on a separate server. I need to send mail from me@example.com using my miab mail.example.com server. My miab server will not allow me to send email because it does not think I own the user address, me@example.com.

I think the issue may be due to the TLS certificate. How would I transfer the TLS certificate from my old miab server to the new one?

TLS (SSL) Certificates
A TLS (formerly called SSL) certificate is a cryptographic file that proves to anyone connecting to a web address that the connection is secure between you and the owner of that address. You need a TLS certificate for this box’s hostname (box.example.com) and every other domain name and subdomain that this box is hosting a website for (see the list below).

Provision a certificate:
Certificates cannot be automatically provisioned for:

example.com Domain control validation cannot be performed for this domain because DNS points the domain to another machine (A 123.456.78.961).

www.example.com Domain control validation cannot be performed for this domain because DNS points the domain to another machine (A 123.456.78.961).


#2

This is a feature - the box will not allow users to send email from arbitrary email addresses, only ones they own on the box (i.e. their username or an alias that forwards to them). This is particularly useful in enterprise environments where you don’t want users to impersonate other users. It’s also good practice, since sending email “from” domains that the box doesn’t control is probably going to have delivery problems.

It’s unrelated to TLS.


#3

Hi @JoshData,

The me@example.com email address is not arbitrary. It represents my domain.

I have created a username for me@example.com on the box but I am still getting the smtp 553 error.

The miab server is mail.example.com. My example.com domain sits on another server.

How do I get around this problem?


#4

What username are you using for logging in to SMTP? What is the exact error? What program are you using to send mail?


#5

username used for logging in to SMTP:
me@example.com (not me@box.example.com)

error:
SMTP Error (553): Failed to add recipient "you@example2.com" (5.7.1 me@example.com: Sender address rejected: not owned by user me@example.com).

programme used to send email:
Roundcube

I think the problem may have to do with the new Linode I created? I created a new box and swapped the IP from the old box.


#6

Is me@example.com also an alias?


#7

@JoshData, Thanks for your response. Unfortunately, I couldn’t get it working and could not wait any longer so I destroyed the droplet and switched to yunohost.

I am having trouble getting the Let’s Encrypt certificate working on yunohost so may return to miab if I can’t get it to work.

Thanks,

p.s. I think it was an alias.


#8

I tried yunohost but could not get my subdomain index.html files to be publicly available.

Should me@example.com be a user and an alias?


#9

It should be a user and should not be an alias.


#10

So to set up automatic forwarding I should create a filter and not use an alias?

I seem to keep making this error! Perhaps I am the only one, but you may want to add a note to your instructions for people. Or, maybe not.


#11

Yes. Although I’m not sure that’s the cause of your problem.

But you can add the note too by submitting a pull request on GitHub. Better would be a check in the backend that prohibits adding a user or alias if a user or alias already exists for that address.
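
The sender-ownership rule from reply #2 and the conflict check suggested in reply #11, modelled as an added example that is not part of the original thread and is not Mail-in-a-Box's own code. The table layout, function names and sample addresses are assumptions made for illustration.

```python
import sqlite3

# Constructed schema for illustration; not the box's actual database layout.
SCHEMA = """
CREATE TABLE users   (email  TEXT PRIMARY KEY);
CREATE TABLE aliases (source TEXT PRIMARY KEY, destination TEXT NOT NULL);
"""

class AddressConflict(Exception):
    """Raised when an address would exist as both a user and an alias."""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def norm(address):
    return address.strip().lower()

def is_user(db, address):
    return db.execute("SELECT 1 FROM users WHERE email = ?", (norm(address),)).fetchone() is not None

def alias_targets(db, address):
    """Return the forwarding targets of an alias, or None if it is not an alias."""
    row = db.execute("SELECT destination FROM aliases WHERE source = ?", (norm(address),)).fetchone()
    return None if row is None else [norm(d) for d in row[0].split(",")]

def add_user(db, email):
    # The check from reply #11: refuse a user whose address is already an alias.
    if alias_targets(db, email) is not None:
        raise AddressConflict(f"{norm(email)} already exists as an alias")
    db.execute("INSERT INTO users (email) VALUES (?)", (norm(email),))

def add_alias(db, source, destination):
    # The same check in the other direction.
    if is_user(db, source):
        raise AddressConflict(f"{norm(source)} already exists as a user")
    db.execute("INSERT INTO aliases (source, destination) VALUES (?, ?)",
               (norm(source), destination))

def may_send_as(db, login, sender):
    """Rule from reply #2: a login may send as its own username,
    or as an alias that forwards to it."""
    if norm(login) == norm(sender) and is_user(db, login):
        return True
    targets = alias_targets(db, sender)
    return targets is not None and norm(login) in targets
```
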


#12

I will certainly look into the pull request.

I rebuilt my server so everything seems to be working now.

I will try to install Rainloop again. It is sooo much better than Roundcube…(hint)

