- Edited
aaPanel_Kern
All DNS records are present.
Outlook likes everything. But Google doesn't like it.
ssl Google mail client
At the same time, check the postfix configuration, which can be viewed in the server status
"mail.135mailtest.com" is replaced with your domain name
Put:
smtpd_tls_chain_files=/etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem
Change to:
smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/135mailtest.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/135mailtest.com/fullchain.pem
Note to replace 135mailtest.com with your domain name.
Also check /www/server/panel/plugin/mail_sys/cert/135mailtest.com/ for privkey.pem and fullchain.pem files
You can use this command to check whether the correct SSL is configured
openssl s_client -connect mail.135mailtest.com:587 -starttls smtp
or
openssl s_client -connect mail.135mailtest.com:465
If the display is not OK, try to save the SSL certificate again, or please re-apply for SSL
smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/135mailtest.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/135mailtest.com/fullchain.pem
The subdomain mail.135mailtest.com was specified
And there was an error: Verify return code: 21 (unable to verify the first certificate)
There is no error now, but Outlook says
that the server does not support the specified connection encryption type.
Hello, have you changed it to your own domain name?
aaP_randreevich
aaPanel_Kern
changed of course
aaPanel_Kern
specify a domain or subdomain?
Hello, will trying to save the certificate again fix it? Can the test be successful by changing to another command?
- Edited
aaPanel_Kern
smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/example.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/mail.example.com/fullchain.pem
indicate on the way example.com or mail.example.com ?
After changing the path, should I recreate the certificate?
I restored VPS from backup, updated the certificate again. I didn't change the line
smtpd_tls_chain_files = /etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem
Google client doesn't give any errors.
openssl s_client -connect mail.example.com:587 -starttls smtp
checks pass without errors.
It's not clear.
- Edited
Hello, is the problem solved? Please refer to your existing certificate storage path.
aaP_randreevich
aaPanel_Kern
Problem solved. Thank you.