Letsencrypt partly valid certificat

Hello UCS User,
I hope somebody has an advice where I can dig regarding this problem.

There is no problem if I going with the web browser to the Web application of the mail server. The page is shown as trusted page with lock sign. Everting fine! But if I connect Mal program via IMAP to the server the program show me the standard server certificate and also show me a warning that the connection hasn’t a valid trust certificate:

Here partly the Log file which says everythink is fine, no error:
Refreshing certificate for following domains:
mail.mydomain.de
Parsing account key…
Parsing CSR…
Found domains: mail.mydomain.de
Getting directory…
Directory found!
Registering account…
Already registered!
Creating new order…
Order created!
Verifying mail.mydomain.de
mail.mydomain.de verified!
Signing certificate…
Certificate signed!
Certificate refreshed at Mi 17. Feb 20:16:49 CET 2021
Setting letsencrypt/status
Module: kopano-cfg

I have to give a hint regaring the domains! The internal domain given to the server is partly diffrent in regards to external:
external connection works with mail.mydomain.de (ceritficate vaild with browser)
domain given ot the Server is mail.otherdomain.de (certificate handed over to Outlook)

Why the Server handed over different certificates to different connections? Webserver port 443, Outlook IMAP port StartTSL port 143 and 587

Valid certificat handover via browser connection:
Browser

Wrong, not valid certificate handover via IMAP connection:
certificate

Hello Again, does someone has a similar problem. The problem is given for any different port connection to the server different to 443 port! for IMAP connection I have to use other ports.

Thx in for any hint to solve this topic!!!

Hi @dark957,

from your screenshots it can be seen that your imap server does not use the lets encrypt certificate at all. It still uses the certificate created by the univention ca.

You will need to configure the same certificate for your imap/smtp service as well.

Hello thx for the hint! I did use for configuration the Letsencrypt app and I thought thats all.

Can you support me with a detailed workaround where is given which variable I have to change in the Univention Configuration Registry? Thx!
Unbenannt

Mini-Howto: Kopano IMAP & Let's Encrypt explains how to setup the Lets Encrypt certificates for the Kopano services.

Do not search for IMAP in the Univention Registry but for SSL (with asterisks) :wink:

Mastodon