email clients refusing to acknowledge the SSL certificate which has been issued

Hullo all!

I recently posted to this forum regarding SSL certificates and subdomains (https://www.virtualmin.com/node/59316) but I am wondering if I should actually take a step back and troubleshoot the issue at a wider scope.

The real issue at hand is that my email client software is refusing to acknowledge the certificate which has been issued and which does work for the https site.

For example, the text alert from Mac Mail Version 12.0 says:

Mail can't verify the identity of the server "mail.mysite.com". The certificate for this server is invalid. You might be connecting to a server that is pretending to be "mail.mysite.com" which could put your confidential information at risk. Would you like to connect to the server anyway?
Then, three buttons: Show certificate, Cancel, Continue

If I click “Show certificate”, it provides these details:

mysite.com
Issued by: Let's Encrypt Authority X3
Expires: Sunday, February 3, 2019 at 9:50:28 PM Eastern Standard Time
This certificate is marked as trusted for ded.mysite.com

(Followed by the deeper details on issuer and key, etc.)

Virtualmin does confirm that I have copied the key to the other services:

This SSL certificate is already being used by : Webmin, Usermin, Dovecot (host mysite.com), Postfix, ProFTPD

It may be important to note that my mail server is set up as mail.mysite.com

I freely admit that I am a bit of a lightweight in this field — and that Dovecot, Postfix, and SSL are the most mysterious and arcane corners of my work world.

Do I, in fact, have the servers set up incorrectly, which disallows the SSL certificate to do its work properly? If not, what changes do you recommend?

Let me know if there is more information that I might provide.

Thanking you.

K
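A mail client accepts a certificate only if the server name it is configured with (mail.mysite.com in the post above) matches one of the DNS names inside the certificate that the mail service presents. The following Python check is an added example, not part of the original posts: it parses the subjectAltName text printed by openssl and reports which client-side names are covered. The SAN entries in the sample and all function names are assumptions made for illustration, since the page does not list the certificate's names.

```python
import re

# Constructed sample of the text printed by:
#   openssl s_client -connect mail.mysite.com:993 -servername mail.mysite.com </dev/null \
#     | openssl x509 -noout -ext subjectAltName
# The SAN entries are assumed; the post does not show them.
SAMPLE_SAN_OUTPUT = """X509v3 Subject Alternative Name:
    DNS:mysite.com, DNS:www.mysite.com, DNS:*.apps.mysite.com
"""


def parse_san_dns(openssl_text):
    """Return the DNS names from openssl's subjectAltName text output."""
    return [m.lower() for m in re.findall(r"DNS:([^,\s]+)", openssl_text)]


def name_matches(hostname, pattern):
    """RFC 6125-style match: exact, or '*' as the whole left-most label only."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname, san_names):
    """SAN entries that make the certificate valid for hostname (may be empty)."""
    return [p for p in san_names if name_matches(hostname, p)]


def audit(client_hostnames, openssl_text):
    """Map each name a client is configured with to the SAN entries covering it."""
    sans = parse_san_dns(openssl_text)
    return {h: covering_names(h, sans) for h in client_hostnames}


if __name__ == "__main__":
    # mail.mysite.com is the mail server name from the post; the others are constructed.
    names = ["mysite.com", "mail.mysite.com", "x.apps.mysite.com"]
    for host, hits in audit(names, SAMPLE_SAN_OUTPUT).items():
        status = "covered by " + ", ".join(hits) if hits else "NOT COVERED, clients will warn"
        print(f"{host:20} {status}")
```

Run the openssl command from the comment against each mail port in use and pass its output to `audit()`; a name that comes back with an empty list needs to be added to the certificate the mail service presents.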

Hello all,

I have the same problem! My certificate works for the website, but not on email clients (Thunderbird, Gmail app). My only changes were system updates.

What does the community think of this suggestion? Would it be a viable work-around to the problems of SSL support for multiple subdomains, including mail service?

existing structure:

root/home/mysite/multiple subdomains

should become:

root/home/mysite/public_html

root/home/myemailserver/

In English, this is: running the website and email as two separate services: one for the company website, and one for the company email.

Each server would have its own SSL certificate.

Thoughts? Is this viable, or too kludgy to entertain?