Correctly configuring mail with SSL certificates (letsencrypt) [question]

So I’m setting up a hosting server for multiple domains with a single IP. Right now I have 2 domains being hosted on the server.
I have successfully installed and configured letsencrypt and created a SAN certificate for the two domains I have (although with a couple of issues).

To give a quick overview, Virtualmin is running on a dedicated server, and DNS is being handled by the domain host.

Right now when I try to access my website through https it gives me a message that looks like this:

“connection is not secure, parts of this website are not secure (like images)”

It's translated from my main language, so it may differ from how it should be shown in English.

Also when I try to configure a mail client (Thunderbird) with STARTTLS it always says the connection is not secure (as if the certificate wasn’t trusted).

Common name on the certificate is www.domain.com and mail server is under mail.domain.com

Also when I try to send an email it gives me an authentication error and won’t allow me to send emails.

I don’t have this error when I use usermin and I can send email correctly signed with TLS.

About the issues I’m having with letsencrypt, so far I created a SAN certificate for 2 domains. Thing is when I try to add a subdomain that is not listed on the apache conf file of the website it gives me a DNS record error (as if the A record wasn’t pointing to the server). These errors are given only with the records that are not set as alias in the apache conf file.
I want to add the mail.DOMAIN.com as a subdomain to the SAN certificate but that domain is not set as an alias in apache (and I don’t want it to be) but I need it to authenticate the mail server.

Thank you for your time and your help :smiley:

Read this article (in Spanish): http://www.apañados.es/tenemos-que-apanar/internet-tutoriales-y-trucos/1165-eliminar-las-urls-no-seguras-en-el-contenido-mixto-http-https.html

Thanks for the answer :slight_smile:

The problem is I’m not editing source code, as I’m using WordPress, so I could edit the links but that’s not the proper way to do it… It turns out all I had to do was change the link from http to https in the settings section of WordPress, and everything works OK now :slight_smile:

As for the rest of the problems…
The certificate not being trusted on the mail server was because I didn’t add the subdomain “mail.domain.com” to the SAN certificate.
It turns out (I didn’t know this…) that the mail.anything.com subdomain is just a gimmick, as Virtualmin is not using a different IP for the mail server. With everything on the same IP, I can use any of the subdomains pointing to the server. So that’s that for the certificate not being trusted (BTW, I’m using TLS/SSL authentication, not STARTTLS).

As for not being able to send emails, when I did a testsaslauthd -u user -p pwd it gave me an error, so basically SASL was not receiving my requests. I had to restart the service (systemctl restart saslauthd on Debian 8 - service saslauthd restart on Debian 7 or lower - /etc/init.d/saslauthd restart on any other system) and I was able to send emails again.

And that’s it :slight_smile:

greets
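
The certificate problem resolved in the post above (a mail hostname missing from the SAN list), reproduced offline as an added example that is not part of the original thread. The `example.test` names are constructed placeholders, and `make_cert` and `cert_covers` are hypothetical helper names; the script assumes OpenSSL 1.1.1 or newer is installed.

```bash
#!/bin/sh
# Added example: why a mail client rejects a certificate whose SAN list
# lacks the hostname it connects to. All names below are constructed.

# make_cert OUT_PEM NAME...
# Create a throwaway self-signed certificate whose subjectAltName
# lists every NAME given (the first NAME also becomes the CN).
make_cert() {
    out=$1; shift
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$out.key" -out "$out" \
        -subj "/CN=$1" -addext "subjectAltName=$san" 2>/dev/null
}

# cert_covers PEM HOST
# Exit 0 if HOST matches a SAN entry of the certificate, else non-zero.
# openssl always exits 0 for -checkhost, so the verdict is read from its output.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

tmp=$(mktemp -d)

# Certificate as first issued: web names only.
make_cert "$tmp/web.pem" www.example.test example.test
# Certificate after reissuing with the mail hostname added.
make_cert "$tmp/web_mail.pem" www.example.test example.test mail.example.test

for pem in web.pem web_mail.pem; do
    for host in www.example.test mail.example.test; do
        if cert_covers "$tmp/$pem" "$host"; then
            verdict="covered"
        else
            verdict="NOT covered"
        fi
        echo "$pem  $host  $verdict"
    done
done

rm -rf "$tmp"
```

To run the same check against a certificate file already on the server, call `cert_covers` with the path to that PEM file and the hostname the mail client is configured to use.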