Being told certificate has expired when trying to send mail even though I have manually created a new cert and copied files to all the usual places (and restarted postfix and dovecot):
Where else would Virtualmin look for certs? Does anything else need to be restarted? The domain itself is showing the correct cert date, but trying to send mail seems to be fetching the cert that expired yesterday.
This is happening again - new certificate was obtained a couple of days ago but when I go to send an email it says the certificate has expired (and is showing the one old one when I click on view).
Being told by whom? Where are you sending mail from and to? (i.e. do you mean from a client to Postfix on the Virtualmin server or do you mean sending from Postfix to a remote mail server?)
We generally need to see the exact error, and we need to see the relevant log entries.
You should not configure Dovecot and Postfix manually. You should use the “Set as default services certificate” button in the SSL Certificate page from one of your domains, whichever one you want to be the default certificate for mail services. (Modern systems should also use SNI for most services, so whatever domain name you connect with is generally the cert you’ll be served.)
Hi Joe, mail has been set up as pop/smtp on the server and I am getting the error when trying to send email from my computer (Apple Mail) as well as from software running on the server which has been configured to send mail.
They both say the certificate has expired (and indeed are showing the expiry date of the old cert). Where are the log entries? I’m guessing there won’t be any on the virtualmin server as it’s the clients that are rejecting the sending (they are reporting the cert as expired so are refusing to send).
I do not use virtualmin to create/update the certs. We use HAProxy on the server so HAProxy handles all of the SSL. A script runs Certbot twice daily to update any certs that are due to expire and our custom script then copies them to the locations as per this thread. The script then restarts dovecot and postfix with systemctl restart postfix and systemctl restart dovecot.
Everything seems like it should be pretty straight forward (it was working before - this only seems to be an issue after a cert gets updated). Does Dovecot/Postfix ‘cache’ certs? Should anything be done once the certs have been copied to the locations as described above?
[The odd thing is two domains were updated at the same time - the other one works fine, but this one doesn’t! The https sites work fine for both]
created a new dummy virtualmin server (domain account) (worked!)
Creating a new dummy server/domain via Virtualmin > Create Virtual Server seems to have fixed the issue. So my guess is something else needs to happen to complete the process we put together in this thread: How to configure SSL for Dovecot/Postfix manually? - #18 by Brook
I would guess that something needs to be copied to the Postfix config to make it aware a new cert has been created - any ideas if that’s the case? If so what are those steps?