The DANE TLSA record for incoming mail is not correct

The DANE TLSA record for incoming mail (_25._tcp.box.example.com) is not correct. It is ‘3 0 1 8b03a5f08b206a8d2f937b49xxxxx3c2d15c070ce98b50a1c266aec89176dcb9’ but it should be ‘3 0 1 6a349afd9cd638b5c0edae94xxxxx10dbe41b2d3d2fab8980ddf0059b247bd4c’. It may take several hours for public DNS to update after a change.

In System->External DNS I can see the 6a349afd9cd638b5c0edae94xxxxx10dbe41b2d3d2fab8980ddf0059b247bd4c key. When looking in the /etc/nsd/zones/box.example.com.txt file I see the line 8b03a5f08b206a8d2f937b49xxxxx3c2d15c070ce98b50a1c266aec89176dcb9. Why are these out of sync? How can I fix it? Running the mailinabox command does not help. Everything in the System status check is green except this one. Running version 0.06.

Did you update the ssl cert outside of the admin interface?

Running tools/dns_update --force should fix it.

Hello everyone. Thanks for responding to my problem.
Yes, I did install ssl cert outside of admin interface. I could not figure out how to apply my already existing wildcard SSL certificate from startssl (level 2) so I applied it manually. key + certificate + intermediate cert.

I did run tools/dns_update --force and got back the response “updated DNS: example.com”. Hmm… But my problem is in “box.example.com” zone. Anyway, it did not fix the problem.

Hello again everyone. I tried to solve my problem but did not manage to do so.
Instead I reinstalled my Mail-in-a-Box installation and did SSL installation with the GUI tool. Because I have an already existing wildcard SSL certificate I needed to replace /home/user-data/ssl/ssl_private_key.pem with my own key so the GUI would accept it.

After the reinstall of Mail-in-a-Box and doing the SSL install with the web GUI, it now works. Everything green.

Just a side note on this topic. I ran into the same issue after having to replace the private key so I could use my wildcard cert. The recommended command of

dns_update --force

Did resolve the issue immediately for me.
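
An added example, not from any poster in this thread and not Mail-in-a-Box's own code: a "3 0 1" TLSA record is the SHA-256 digest of the full DER-encoded certificate, so a stale record can be confirmed by recomputing the value from the installed certificate and comparing it with what the zone file publishes. The sample certificate bytes, the zone-line layout and all function names are constructed for illustration, and the first certificate in a PEM bundle is assumed to be the server's own.

```python
import base64
import hashlib
import re

# Constructed stand-in bytes in PEM armor, NOT a real certificate. With
# selector 0 the digest covers the raw DER bytes, so no X.509 parsing is needed.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

# Constructed zone line (the layout is an assumption) holding an outdated hash.
STALE_ZONE = "_25._tcp\tIN\tTLSA\t3 0 1 " + "ab" * 32 + "\n"

DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # TLSA matching types


def first_cert_der(pem_text):
    """DER bytes of the first certificate in a PEM bundle (assumed to be the leaf)."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def expected_tlsa(pem_text, mtype=1):
    """TLSA rdata for usage 3 (DANE-EE), selector 0 (full certificate)."""
    return f"3 0 {mtype} {DIGESTS[mtype](first_cert_der(pem_text)).hexdigest()}"


def zone_tlsa(zone_text, port_label="_25._tcp"):
    """TLSA rdata strings published for the given port label in zone-file text."""
    found = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if "TLSA" not in fields or not fields[0].startswith(port_label):
            continue
        rdata = fields[fields.index("TLSA") + 1:]
        if len(rdata) >= 4:  # hash may be split across several tokens
            found.append(" ".join(rdata[:3] + ["".join(rdata[3:]).lower()]))
    return found


def tlsa_in_sync(pem_text, zone_text):
    """True when the zone publishes the record matching the installed certificate."""
    return expected_tlsa(pem_text) in zone_tlsa(zone_text)


if __name__ == "__main__":
    print("expected :", expected_tlsa(SAMPLE_PEM))
    print("published:", zone_tlsa(STALE_ZONE))
    print("in sync  :", tlsa_in_sync(SAMPLE_PEM, STALE_ZONE))
```

A mismatch here means sending servers that validate DANE will refuse to deliver to the box until the zone is regenerated and re-signed, which is what the forced DNS update does.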