mail.domain2.com picking up wrong ssl

Discussion in 'ISPConfig 3 Priority Support' started by Kevin S, May 28, 2020.

  1. Kevin S

    Kevin S New Member

    All of the mail server URLs are picking up the SSL of the first domain name. Example: SSLs for mail.domain2.com, mail.domain3.com, mail.domain4.com are from domain1.com, which is why I am getting the Server returned error "SSL error: ok Hostname "mail2.domain.com" doesn't match any SANs: "server..." error.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What Operating System? What version of ISPConfig?
    Are you using Let's Encrypt certificate?
    Are the four e-mail servers four different hosts? Are they part of the same ISPConfig multiserver setup?
    Do the mail server URLs work when not using httpS?
    Did the system work before SSL was added? How long has the system been running?
     
  3. Kevin S

    Kevin S New Member

    What Operating System? What version of ISPConfig?
    --> OS: Debian 9
    --> ISPConfig: 3.1.15p3

    Are you using Let's Encrypt certificate?
    --> Yes

    Are the four e-mail servers four different hosts? Are they part of the same ISPConfig multiserver setup?
    --> No, they are on the same server but different websites
    --> No, ISPConfig in a single server setup

    Do the mail server URLs work when not using httpS?
    --> When I go to httpS://mail.domain2.com/ or httpS://mail.domain3.com/ I get "Your connection to this web page is not safe due to an unmatching security certificate. This means that the certificate was issued for a different web address than the one it is being used for, and you run the risk of exposing your data by accessing this page."

    Did the system work before SSL was added? How long has the system been running?
    --> I am able to view, receive and send emails on webmail. The only issue is when setting up POP, IMAP, and SMTP using mail.domain1.com as a mail server hostname.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. elmacus

    elmacus Active Member HowtoForge Supporter

    Check start order in Apache:
    Code:
    apache2ctl -S
    Lowest number is started when TLS/SSL is missing on some site.
    Then make sure your default-TLS/SSL (webmail for me) site is started before all customers:
    Code:
    a2dissite default-ssl.conf
    mv /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/000-default-ssl.conf
    a2ensite 000-default-ssl.conf
    apache2ctl configtest
    service apache2 reload
    service apache2 status
    And do plan your upgrade to Debian 10 :)
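
Added example, not part of the thread and not ISPConfig or Apache code: a small parser for `apache2ctl -S` output that reports which vhost answers a given hostname on port 443, so hostnames that fall through to the default vhost (and therefore get its certificate) stand out. The sample dump, the hostnames in it and the helper names `parse_vhosts` and `answering_vhost` are constructed for illustration; it assumes one listener address per port and the multi-vhost "is a NameVirtualHost" layout.

```python
import fnmatch
import re

# Constructed sample of `apache2ctl -S` output; helper names are this example's own.
SAMPLE = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server domain1.com (/etc/apache2/sites-enabled/100-domain1.com.vhost:7)
         port 443 namevhost domain1.com (/etc/apache2/sites-enabled/100-domain1.com.vhost:7)
                 alias www.domain1.com
                 alias mail.domain1.com
         port 443 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:7)
                 alias www.domain2.com
*:80                   is a NameVirtualHost
         default server server1.example.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost server1.example.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost domain2.com (/etc/apache2/sites-enabled/100-domain2.com.vhost:7)
                 alias mail.domain2.com
"""

def parse_vhosts(dump):
    """Return {port: {"default": name, "vhosts": [(name, [aliases])]}}."""
    table, port, current = {}, None, None
    for line in dump.splitlines():
        if m := re.match(r"\S+:(\d+)\s+is a NameVirtualHost", line):
            port = int(m.group(1))
            table[port] = {"default": None, "vhosts": []}
        elif port and (m := re.match(r"\s+default server (\S+)", line)):
            table[port]["default"] = m.group(1)
        elif port and (m := re.match(r"\s+port \S+ namevhost (\S+)", line)):
            current = (m.group(1), [])
            table[port]["vhosts"].append(current)
        elif current and (m := re.match(r"\s+(?:wild )?alias (\S+)", line)):
            current[1].append(m.group(1))
    return table

def answering_vhost(table, host, port=443):
    """Return (vhost, matched_by_name) for a request for `host` on `port`."""
    entry = table[port]
    for name, aliases in entry["vhosts"]:
        if any(fnmatch.fnmatch(host.lower(), p.lower()) for p in [name] + aliases):
            return name, True
    return entry["default"], False  # no name matched: the first vhost answers

if __name__ == "__main__":
    table = parse_vhosts(SAMPLE)
    for host in ("mail.domain1.com", "www.domain2.com", "mail.domain2.com"):
        vhost, matched = answering_vhost(table, host)
        print(f"{host}: {vhost}" + ("" if matched else "  (default fallback)"))
```

On a real server, feed it the text captured from `apache2ctl -S` instead of `SAMPLE`; any mail hostname reported as a default fallback on 443 has no TLS vhost of its own.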
     
