I am unable to run the LetsEncrypt auto SSL generator because I am running MIAB on a separate server from my webserver (running LetsEncrypt provides an error saying that www.domain.com does not point to the same IP as the mail server. This is correct because that’s true). If we could choose which domains we want to install the certificate on, this may help this particular issue. Since I am unsure of everything that needs to be modified, I have not installed the certificate manually.
So, with the issue of LetsEncrypt, I have tried a couple of different signing authorities (Comodo & sslforfree) to test installing a certificate by using the CSR. Through both, I get an error stating
There is a problem with the certificate. error /tmp/tmprhxkmnfp.pem: verification failed
I am using AWS to run my servers, so I typically use the AWS Certificate Manager for webserver security. With that said, I’m unable to run DNSSEC. Being that I’ve used iRedMail before, I have been introduced to a number of new DNS settings though (under System → External DNS). Are these all necessary? And with that said, and my DNS settings hosted in AWS, I am unable to use the provided DKIM DNS settings as I’m told the TXT value is too long.
If anyone has questions, send me a message on Telegram @MainelySoftware
This will help clean up chat, and then answers can be provided here.
I went to your profile, but I was unable to find a way to message you. Could be where I’m new? I’ve updated the OP with my Telegram as a means to communicate and not provide clutter to the forum.
Have you simply gone to the admin area System>SSL(TLS) Certificates page and clicked on provision certificate there … the only certificate needed is for the box itself.
Weird. I went through and hit provision again and it installed. However, this was the first time doing it after running the following again. Seeing that was supposed to do something, I gave it a try and it looks like it fixed whatever issue there was.
Sorry but to be blunt, your DNS is a complete mess!
You are going to need to use external DNS only with the way your system is set up, but doing that with AWS and the limitation you noted with the DKIM record is going to absolutely kill your mail deliverability.
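The "TXT value is too long" error in the OP (and the DKIM limitation the reply above refers to) is the 255-octet limit on a single TXT character-string from RFC 1035, not a limit on the record itself: a DKIM public key record longer than that is published as several quoted strings in one TXT record, and DKIM verifiers concatenate the strings before parsing, so the key is still usable. The following is an added example, not code from the thread or from Mail-in-a-Box; the key bytes are constructed stand-ins, `example.com` is a placeholder, and the selector name `mail` is an assumption.

```python
import base64

# Constructed stand-in for a DER-encoded 2048-bit RSA SubjectPublicKeyInfo
# (294 bytes, the same length as a real one). It is NOT a real key; it exists
# only so the example runs offline with a realistic record length.
FAKE_SPKI_DER = bytes((i * 7) % 256 for i in range(294))

# RFC 1035: one TXT <character-string> holds at most 255 octets.
RFC1035_MAX_STRING = 255


def dkim_txt_value(spki_der: bytes, key_type: str = "rsa") -> str:
    """Build the unquoted DKIM record body (RFC 6376 tag=value list)."""
    p = base64.b64encode(spki_der).decode("ascii")
    return f"v=DKIM1; k={key_type}; p={p}"


def split_txt(value: str, limit: int = RFC1035_MAX_STRING) -> list[str]:
    """Cut the record body into pieces no longer than one character-string."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]


def to_zone_rdata(chunks: list[str]) -> str:
    """Quote each piece and join with spaces: the form BIND zone files and the
    Route 53 console accept for a multi-string TXT record."""
    escaped = [c.replace("\\", "\\\\").replace('"', '\\"') for c in chunks]
    return " ".join(f'"{c}"' for c in escaped)


def join_txt(chunks: list[str]) -> str:
    """What a DKIM verifier does with the strings: concatenate, no separator."""
    return "".join(chunks)


def dkim_record(selector: str, domain: str, spki_der: bytes) -> tuple[str, str]:
    """Return (owner name, rdata) ready to paste into a DNS console."""
    name = f"{selector}._domainkey.{domain}."
    chunks = split_txt(dkim_txt_value(spki_der))
    # Sanity check before publishing: every string must fit the wire limit.
    assert all(len(c.encode("ascii")) <= RFC1035_MAX_STRING for c in chunks)
    return name, to_zone_rdata(chunks)


if __name__ == "__main__":
    owner, rdata = dkim_record("mail", "example.com", FAKE_SPKI_DER)
    print(f"{owner} IN TXT {rdata}")
    # Round trip: the verifier sees the original single value again.
    assert join_txt(split_txt(dkim_txt_value(FAKE_SPKI_DER))) == dkim_txt_value(FAKE_SPKI_DER)
```

The split point is arbitrary, since resolvers and verifiers join the strings byte-for-byte; what matters is that no single quoted string exceeds 255 octets. After publishing, confirm with `dig +short TXT mail._domainkey.example.com` (selector and domain substituted) that the answer shows the strings side by side and that the concatenated `p=` value matches the key the mail server reports.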