• Support
  • Problem with SSL on mail server

I have the mail server version 3.3 and I set the SSL of my subdomain (mail.example.com). When I trying to add my mail on Google as additional account I have an error and don't allow me to add it. With the previous version all works fine. I am trying to add with 465 and 993 ports (secure smtp(s) and imap(s)).
Is any problem on mail server 3.3 ? This subdomain and main domain are pointing to my server's IP and I use a shared lets encrypt SSL (*.example.com & example.com).

Solved...server provider firewalls

Jimmy I suggest a reverse on your network, PTR and DNS, perhaps installing the DNS Manager might help you out. I am using Mail Server 3.2 tho...

I tested to a new server with fresh installation and I have the same result. I have all mail ports open and 465 and 993 not connected from thunderbird and other smtp testers. Maybe its a bug in version 3.3, OpenSSL may not working correct. I install DNS manager, same.

    Jimmy how do you make the connection? TLS? Are you accepting all certificates? Can you provide a DNS Inspection over your domain name were you are facing this problem?

    https://dnsinspect.com

    If you can create a report and paste the result here we would have more data, just to check if your DNS records are correct or not.

      TheWormsUnited

      1. Please update the mail server to 4.0
      2. To use TLS connection, you need to configure the certificate for the domain name first

        aaPanel_Jose

        I do it but I have this error on rainloop:

        IMAPs port (993) works ok.
        Certificate is Let's encrypt

          STARTTLS works ok with the lets encrypt SSL but SSL/TLS option not.

            In Rainloop all ports works except 465 for SMTP.
            For Incoming none (143), STARTTLS (143), SSL/TLS (993) : Works all
            For outgoing: none (25), STARTTLS (587) : works
            SSL/TLS (465) not work.

              Jimmy
              I have searched for a long time and haven't found the problem~ Have you ever successfully used this connection method on other self-built mail servers?

                aaPanel_Jose
                In version 3.2 I work with SSL/TLS (465 & 993). I upgrade to 3.3 and now 4.0 and 465 not working. In 3.2 I had a SSL (lets encrypt) on main domain and in mail subdomain and in Rainloop works fine. I will do a fresh install again to another server to check again mail server.

                Jimmy
                Instead of Autodetect, please select Account Details. You should avoid autodetect settings always.

                9 months later

                I could get it work with the following :

                • my mail server is : mail.domain.com PTR: mail.domain.com
                • users are register with domain : domain.com
                • I created a website mail.domain.com to automatically generated SSL certificate
                • once complited it generate :

                    1 key 
                    1 certificate (not full chain)

                then I would go to https://whatsmychaincert.com to check my certificate,

                • I copy past website certificate and generate full chain with root cert

                • I get the generated valid cert and added to my postfix config

                • finally i test with openssl 😀
                   openssl s_client -connect mail.domain.com:465
                   openssl s_client -connect mail.domain.com:993
                   openssl s_client -starttls smtp -connect mail.domain.com:587

                and all test get me to the right point, and my email client works fine

                Update 😀

                let'sencrypt store date in /www/server/panel/vhost/letsencrypt/domain.com/fullchain.pem

                TL;DR

                just put this information on postfix configuration:

                it will be always generated automatically 1 month before expire date, thus postfix will always look for the right certificate.

                never use email system in aapanel its a nightmare and if you have a good traffic its not recommend to host mail on same server

                you can't find free plugins, panels to do so ...
                aapanel is evolving i guess