Invalid Trust Chain IMAP

Help! (Home for newbies)
1

Hi, newbie here… I set up a mail server on a clean VPS using Postfix/ Dovecot from Virtualmin. I am able to send and recieve mail normally using Roundcube webmail from “mail.mydomain.com”. Gmail and Outlook do not flag my address so I think I have set up the correct DNS records and SSL certs.

But when I try to connect to my server with an IMAP client from Outlook on Windows 10 or any iOS mail client (Gmail, outlook, even the basic Apple one) refuse to connect on SSL. Outlook was slightly helpful and said it was refusing to connect because of an “invalid trust chain”. What does that mean?

Thunderbird on Windows pulled all my settings down automatically. Now it did show a security warning saying that it was getting an unknown SSL cert and did I want to add an exception even though it was the LetsEncrypt cert. But it works fine otherwise can send and receive mail.

SSL certs are from LetsEncrypt for my domain and the mail server. Verified they are R3 I heard that was a big deal in some earlier posts. My IMAP is at mail.mail.mydomain.com because I am running mail servers under a “mail” subdomain. A little long but hey it works so I don’t want to change it. LetsEncyrpt gaive me vaild certs for all the alias associated to my mail subdomain (including mail.mail.mydomain).

I am lost as what to how to fix this please help!

Debian 10
Virtualmin: 6.16
Postfix 3.4.14

2

In Virtualmin, the subdomain mail.domain.tld is reserved and cannot / should not be used as the domain name of a virtual server.

If you change the domain to any non-reserved name, your problem might get solved.

3

Not a bad idea. I will make an image and try that right now. But you do have a fair point and that would explain why I had to edit the apache config manually… cause I wasn’t supposed to I guess.

4

So my brain is melting for why that worked but it did… also I went under Virtualmin → Server configuration → SSL Certificate → service certificates for my domain virtual server and added Postfix/ Dovecot to use the LetsEncrypt certs I got and everything works now… well mostly.

Outlook on PC still complains but the default Apple mail app will at least sync now. Oddly it still will not fetch settings automatically but Thunderbird works like a charm. Not sure which is specifically responsible but thanks @calport as you had an excellent point.

5

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.