The DANE TLSA record for incoming mail (_25._tcp.box.example.com) is not correct. It is ‘3 0 1 8b03a5f08b206a8d2f937b49xxxxx3c2d15c070ce98b50a1c266aec89176dcb9’ but it should be ‘3 0 1 6a349afd9cd638b5c0edae94xxxxx10dbe41b2d3d2fab8980ddf0059b247bd4c’. It may take several hours for public DNS to update after a change.
In System->External DNS I can see the 6a349afd9cd638b5c0edae94xxxxx10dbe41b2d3d2fab8980ddf0059b247bd4c key. When looking in the /etc/nsd/zones/box.example.com.txt file I see the line 8b03a5f08b206a8d2f937b49xxxxx3c2d15c070ce98b50a1c266aec89176dcb9. Why are these out of sync? How can I fix it? Running the mailinabox command does not help. Everything in System status check is green except this one. Running 0.06 version.
Hello everyone. Thanks for responding to my problem.
Yes, I did install an SSL cert outside of the admin interface. I could not figure out how to apply my already existing wildcard SSL certificate from StartSSL (level 2) so I applied it manually. key + certificate + intermediate cert.
I did run tools/dns_update --force and got back the response “updated DNS: example.com”. Hmm… But my problem is in “box.example.com” zone. Anyway, it did not fix the problem.
Hello again everyone. I tried to solve my problem but did not manage to do so.
Instead I reinstalled my Mail-in-a-Box installation and did SSL installation with the GUI tool. Because I have an already existing wildcard SSL certificate I needed to replace /home/user-data/ssl/ssl_private_key.pem with my own key so the GUI would accept it.
After reinstall of Mail-in-a-Box and doing SSL install with web GUI, it now works. Everything green.
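Added example, not part of the original thread and not Mail-in-a-Box's own code: one way to check which "3 0 1" TLSA value a certificate file actually produces and whether the zone file publishes it, including the case where the PEM file is a bundle (key + certificate + intermediate) and only the leaf certificate must be hashed. The function names, the zone line layout and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import ssl

def first_certificate(pem_text):
    """Return only the first CERTIFICATE block (the leaf) from a PEM bundle."""
    start = pem_text.index(ssl.PEM_HEADER)
    end = pem_text.index(ssl.PEM_FOOTER, start) + len(ssl.PEM_FOOTER)
    return pem_text[start:end]

def tlsa_3_0_1(pem_text):
    """TLSA rdata: usage 3, selector 0 (whole certificate), matching type 1 (SHA-256)."""
    der = ssl.PEM_cert_to_DER_cert(first_certificate(pem_text))
    return "3 0 1 " + hashlib.sha256(der).hexdigest()

def tlsa_records(zone_text, owner_prefix="_25._tcp"):
    """Collect normalised TLSA rdata for owner names starting with owner_prefix."""
    found = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "TLSA" not in fields or not fields[0].startswith(owner_prefix):
            continue
        rdata = fields[fields.index("TLSA") + 1:]
        if len(rdata) >= 4:
            # Hex may be split across fields or upper-case; normalise it.
            found.append(" ".join(rdata[:3]) + " " + "".join(rdata[3:]).lower())
    return found

def zone_matches_certificate(pem_text, zone_text):
    """True when the zone publishes the 3 0 1 record derived from the leaf certificate."""
    return tlsa_3_0_1(pem_text) in tlsa_records(zone_text)

if __name__ == "__main__":
    # Constructed sample: placeholder bytes stand in for real DER certificates.
    old_leaf = ssl.DER_cert_to_PEM_cert(b"constructed old certificate")
    new_bundle = (ssl.DER_cert_to_PEM_cert(b"constructed new certificate")
                  + ssl.DER_cert_to_PEM_cert(b"constructed intermediate"))
    # Constructed zone line still carrying the hash of the old certificate.
    zone = "_25._tcp.box\tIN\tTLSA\t" + tlsa_3_0_1(old_leaf) + "\n"
    print("expected :", tlsa_3_0_1(new_bundle))
    print("published:", tlsa_records(zone))
    print("in sync  :", zone_matches_certificate(new_bundle, zone))
```

With real files, pass the contents of the installed certificate PEM and of the zone file; a `False` result corresponds to the mismatch the status check reports.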
Just a side note on this topic. I ran into the same issue after having to replace the private key so I could use my wildcard cert. The recommended command of