  • Problem with SSL on mail server

I tested on a new server with a fresh installation and I have the same result. I have all mail ports open, and 465 and 993 do not connect from Thunderbird and other SMTP testers. Maybe it's a bug in version 3.3; OpenSSL may not be working correctly. I installed DNS manager, same.

    Jimmy, how do you make the connection? TLS? Are you accepting all certificates? Can you provide a DNS inspection of the domain name where you are facing this problem?

    https://dnsinspect.com

    If you can create a report and paste the result here we would have more data, just to check if your DNS records are correct or not.

      TheWormsUnited

      1. Please update the mail server to 4.0
      2. To use TLS connection, you need to configure the certificate for the domain name first

        aaPanel_Jose

        I did it but I have this error on Rainloop:

        IMAPs port (993) works ok.
        Certificate is Let's Encrypt

          STARTTLS works ok with the Let's Encrypt SSL but the SSL/TLS option does not.

            In Rainloop all ports work except 465 for SMTP.
            For incoming: none (143), STARTTLS (143), SSL/TLS (993): all work
            For outgoing: none (25), STARTTLS (587): works
            SSL/TLS (465) does not work.

              Jimmy
              I have searched for a long time and haven't found the problem. Have you ever successfully used this connection method on other self-built mail servers?

                aaPanel_Jose
                In version 3.2 I worked with SSL/TLS (465 & 993). I upgraded to 3.3 and now 4.0, and 465 is not working. In 3.2 I had an SSL (Let's Encrypt) on the main domain and on the mail subdomain, and in Rainloop it worked fine. I will do a fresh install again on another server to check the mail server again.

                Jimmy
                Instead of Autodetect, please select Account Details. You should avoid autodetect settings always.

                9 months later

                I could get it to work with the following:

                • my mail server is: mail.domain.com, PTR: mail.domain.com
                • users are registered with domain: domain.com
                • I created a website mail.domain.com to automatically generate an SSL certificate
                • once completed it generates:

                    1 key
                    1 certificate (not full chain)

                then I would go to https://whatsmychaincert.com to check my certificate,

                • I copy-pasted the website certificate and generated the full chain with root cert

                • I took the generated valid cert and added it to my postfix config

                • finally I tested with openssl 😀
                   openssl s_client -connect mail.domain.com:465
                   openssl s_client -connect mail.domain.com:993
                   openssl s_client -starttls smtp -connect mail.domain.com:587

                and all tests get me to the right point, and my email client works fine

                Update 😀

                Let's Encrypt stores data in /www/server/panel/vhost/letsencrypt/domain.com/fullchain.pem

                TL;DR

                just put this information in the postfix configuration:

                It will always be generated automatically 1 month before the expiry date, thus postfix will always look for the right certificate.

                Never use the email system in aaPanel, it's a nightmare, and if you have good traffic it's not recommended to host mail on the same server.

                You can't find free plugins, panels to do so ...
                aaPanel is evolving, I guess

                8 months later

                Are these instructions current?
                I'm using Mail Server 4.5 and external clients like Gmail don't recognize SSL
                Thanks for your work

                I'm also facing the same problem. Gmail highlighting SSL issues.

                7 days later

                I add the TLS parameters manually, but the cert does not generate automatically

                a month later

                Any update on this? I'm having the same issue. When trying to use Gmail to send emails, it's failing.

                When I attempt to update the mail settings in Gmail, it's reporting a "TLS Negotiation failed, the certificate doesn't match the host., code: 0"

                I've attempted to do some debugging. When I issue this command in a Linux command prompt, it's showing me old certificate details:

                openssl s_client -starttls smtp -showcerts -connect domain.com:587

                I've even completely deleted the SSL certificate for the domain in aaPanel, but it doesn't seem to actually delete it.
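
Added example, not part of any post in this thread: an offline shell check for the two failure modes discussed above, a certificate file that is "not full chain" and a certificate that "doesn't match the host". The function names and the throwaway demo PKI are constructed for illustration; mail.domain.com is the thread's placeholder.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI; mail.domain.com is the thread's placeholder.

# issue NAME SUBJECT EXTFILE [CA]: create NAME.key and NAME.pem; self-signed when CA is omitted.
issue() {
  local name="$1" subj="$2" ext="$3" ca="${4:-}"
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null || return 1
  if [ -n "$ca" ]; then
    openssl x509 -req -in "$name.csr" -CA "$ca.pem" -CAkey "$ca.key" -CAcreateserial \
      -extfile "$ext" -days 2 -out "$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$name.csr" -signkey "$name.key" \
      -extfile "$ext" -days 2 -out "$name.pem" 2>/dev/null
  fi
}

# Build root -> intermediate -> leaf in directory $1, plus leaf-only and full-chain files.
make_demo_pki() {
  local d="$1"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'subjectAltName=DNS:mail.domain.com\n' > "$d/leaf.ext"
  issue "$d/root" "/CN=Demo Root" "$d/ca.ext" &&
  issue "$d/int" "/CN=Demo Intermediate" "$d/ca.ext" "$d/root" &&
  issue "$d/leaf" "/CN=mail.domain.com" "$d/leaf.ext" "$d/int" &&
  cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# check_mail_cert PEM HOST ROOT: prints ok, chain-incomplete or host-mismatch.
check_mail_cert() {
  local pem="$1" host="$2" root="$3"
  # The first certificate in PEM is the leaf; the whole file is offered as intermediates.
  if ! openssl verify -CAfile "$root" -untrusted "$pem" "$pem" >/dev/null 2>&1; then
    echo chain-incomplete; return 0
  fi
  if openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
    echo ok
  else
    echo host-mismatch
  fi
}
```

Against a real install, pass the certificate file Postfix is configured with as PEM, the hostname the mail client connects to as HOST, and your system's CA bundle as ROOT.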