SSL Failed & DNS Settings


#1

I am unable to run the LetsEncrypt auto SSL generator because I am running MIAB on a separate server from my webserver (running LetsEncrypt provides an error saying that www.domain.com does not point to the same IP as the mail server. This is correct because that’s true). If we could choose which domains we want to install the certificate on, this may help this particular issue. Since I am unsure of everything that needs to be modified, I have not installed the certificate manually.

So, with the issue of LetsEncrypt, I have tried a couple of different signing authorities (Comodo & sslforfree) to test installing a certificate by using the CSR. Through both, I get an error stating

There is a problem with the certificate. error /tmp/tmprhxkmnfp.pem: verification failed

I am using AWS to run my servers, so I typically use the AWS Certificate Manager for webserver security. With that said, I’m unable to run DNSSEC. Being that I’ve used iRedMail before, I have been introduced to a number of new DNS settings though (under System -> External DNS). Are these all necessary? And with that said, and my DNS settings hosted in AWS, I am unable to use the provided DKIM DNS settings as I’m told the TXT value is too long.

If anyone has questions, send me a message on Telegram @MainelySoftware
This will help clean up chat, and then answers can be provided here.


#2

PM me with your domain name, please, and the subdomain for MiaB. It makes things a lot easier!


#3

I went to your profile, but I was unable to find a way to message you. Could be where I’m new? I’ve updated the OP with my Telegram as a means to communicate and not provide clutter to the forum.


#4

Have you simply gone to the admin area System>SSL(TLS) Certificates page and clicked on provision certificate there … the only certificate needed is for the box itself.


#5

Weird. I went through and hit provision again and it installed. However, this was the first time doing it after running the following again. Seeing that was supposed to do something, I gave it a try and it looks like it fixed whatever issue there was.

sudo mailinabox

However, I am unable to access the site through the domain with the certificate provisioned.
https://mail.mainelysoftware.com/


#6

Close your browser and reopen it completely … caching may be a problem. It works fine at my end.


#8

Sorry but to be blunt, your DNS is a complete mess!

You are going to need to use external DNS only with the way your system is set up, but doing that with AWS and the limitation you noted with the DKIM record is going to absolutely kill your mail deliverability. 🙁

