I think Mail-In-A-Box is wonderful. It’s something that we really need and should maintain for a long time.
I just bought an SSL Certificate from Comodo and a VPS to set up email. Everything seems to be working great. Emails come in and go out very quickly, and Exchange support is really great.
However, I still get this issue in the systems check:
The SSL certificate has a problem:/SOME-PATH.pem
C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
error 20 at 1 depth lookup:unable to get local issuer certificate
Is there something I need to do to fix this? I renamed the self-signed certificate that came with the installation and still have it around. Does that need to go into the certificate PEM file along with the rest of my CAs and CRTs?
During my research, I realized that I had forgotten to include one of the four certificates that NameCheap/Comodo issued me. Once I included that into the PEM, everything worked great. And to answer your question, yes, things seemed to work just fine before I fixed that issue.
I do have this issue (and maybe it would be useful to include in the beginners guide) that box.domain.com is not covered by the SSL Certificate. Maybe this is common knowledge but at least not to me. Upon research, I learned that you need a separate wildcard SSL Certificate for every level of sub-domain.
This is perfectly fine, however, as I can just point IMAP/SMTP/Exchange/WWW/Webmail at my root domain and use box when absolutely necessary.
The CSR provided by the control panel would have specified box.domain.com, so the certificate should cover that. It might not cover domain.com, but it should cover box.domain.com.
Normally a certificate covers one exact domain name, yes. A multi-domain certificate can cover multiple domains. A wildcard certificate covers a domain and one level of subdomains under it.
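
The fix reported in this thread was adding a missing CA certificate to the PEM file. As an added example (not part of the thread and not Mail-in-a-Box code), this POSIX shell function walks a PEM bundle in file order and reports the point where a certificate's issuer is not the next certificate in the file. `check_chain` and `make_demo_chain` are names chosen here, and the demo chain is constructed test data.

```sh
#!/bin/sh
# Added example (not Mail-in-a-Box code). It compares names only and does not
# verify signatures, so still run the box's status checks on the fixed file.

# check_chain BUNDLE: walk the certificates in file order. Exit status 0 when
# each certificate's issuer is the next certificate in the file, 1 otherwise.
check_chain() (
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  # Split the bundle into cert-1.pem, cert-2.pem, ... one certificate each.
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != "" { print > out }
    /-----END CERTIFICATE-----/ { close(out); out = "" }
  ' "$1"
  i=1; gaps=0
  while [ -f "$tmp/cert-$i.pem" ]; do
    cur="$tmp/cert-$i.pem"; nxt="$tmp/cert-$((i + 1)).pem"
    echo "[$i] $(openssl x509 -in "$cur" -noout -subject)"
    issuer=$(openssl x509 -in "$cur" -noout -issuer_hash)
    if [ "$issuer" = "$(openssl x509 -in "$cur" -noout -subject_hash)" ]; then
      echo "    self-signed root, chain ends here"
    elif [ ! -f "$nxt" ]; then
      echo "    last in file; $(openssl x509 -in "$cur" -noout -issuer)"
    elif [ "$issuer" != "$(openssl x509 -in "$nxt" -noout -subject_hash)" ]; then
      echo "    GAP, missing $(openssl x509 -in "$cur" -noout -issuer)"
      gaps=$((gaps + 1))
    fi
    i=$((i + 1))
  done
  [ "$i" -gt 1 ] && [ "$gaps" -eq 0 ]
)

# make_demo_chain DIR: constructed throwaway root -> intermediate -> leaf,
# written to DIR as root.pem, int.pem, leaf.pem (made-up names, test data).
make_demo_chain() (
  cd "$1" || exit 2
  csr() { openssl req -newkey rsa:2048 -nodes -keyout "$1.key" \
            -out "$1.csr" -subj "/CN=$2" 2>/dev/null; }
  sign() { openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
             -CAcreateserial -out "$1.pem" -days 1 2>/dev/null; }
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
    -subj "/CN=Demo Root" -days 1 2>/dev/null
  csr int "Demo Intermediate" && sign int root
  csr leaf "box.example.com" && sign leaf int
)

# Usage: sh check_chain.sh /path/to/bundle.pem   (path is a placeholder)
if [ "$#" -gt 0 ]; then check_chain "$1"; fi
```

A bundle whose last certificate is not self-signed is not counted as a gap, because the root is normally supplied by the client's trust store; the printed issuer line shows which certificate would come next.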