Outlook only connecting to smtp server if use TLS

Discussion in 'Installation/Configuration' started by Sheshman, Jun 2, 2020.

  1. Sheshman

    Sheshman Member

    apachetl -S output:
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
    VirtualHost configuration:
    192.168.1.253:80 is a NameVirtualHost
    default server claribon.com (/etc/apache2/sites-enabled/900-claribon.com.vhost:7)
    port 80 namevhost claribon.com (/etc/apache2/sites-enabled/900-claribon.com.vhost:7)
    wild alias *.claribon.com
    port 80 namevhost fscteknoloji.com (/etc/apache2/sites-enabled/900-fscteknoloji.com.vhost:7)
    wild alias *.fscteknoloji.com
    port 80 namevhost gorselpackaging.com (/etc/apache2/sites-enabled/900-gorselpackaging.com.vhost:7)
    wild alias *.gorselpackaging.com
    *:8081 server1.fscteknoloji.com (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:80 server1.fscteknoloji.com (/etc/apache2/sites-enabled/000-default.conf:1)
    *:8080 server1.fscteknoloji.com (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex fcgid-proctbl: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex authdigest-client: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    Define: ENABLE_USR_LIB_CGI_BIN
    User: name="www-data" id=33
    Group: name="www-data" id=33

    also htf_report.txt as attached.

    and a quick question, if i buy an SSL certificate and upload through admin panel, will it fix the Outlook issue?
     

    Attached Files:

  2. nhybgtvfr

    nhybgtvfr Active Member

    ok so fscteknoloji.com has wildcard subdomains, that explains what website is displaying for mail.fscteknoloji.com and why.
    but that's another problem. ispconfig afaik does not natively support wildcard letsencrypt certificates. it requires letsencrypt to use dns validation.
    @ahrasis has written some scripts for dns validation using letsencrypt, and I believe it's being merged into the ispconfig code, or some version of it using acme.sh is, but that's not available yet, it may be in ispconfig 3.1.16, but I think 3.2 is more likely.

    you'll either have to follow @ahrasis method: https://www.howtoforge.com/communit...via-certbot-dns-validation-in-acme-v02.79049/ or configure the subdomains option in fscteknoloji.com to none or www, depending on if you want use of www to be possible, and then create subdomains for mail and any other subdomains you want to use, for a single certificate, or vhostsubdomains, if you want them to use a separate certificate.
     
    Last edited: Jun 4, 2020
  3. Sheshman

    Sheshman Member

    ok i'll work on your suggestion,but i'm a rookie so i need to read and learn at least basics about it first, SSL certificates are quite cheap actually, what if i buy one and upload by using admin gui, what would happen then?
     
  4. nhybgtvfr

    nhybgtvfr Active Member

    if you get a wildcard certificate, for fscteknoloji.com, then that'll work fine.
    you can replace the certs in /usr/local/ispconfig/interface/ssl with the purchased cert.
    where you require the domain cert and intermediate cert in a single file (bundle) just cat the two files into one output file.
    then where your pure-ftpd.pem or smtpd.key and smtpd.crt files currently exist, delete them and symlink to the new files /usr/local/ispconfig/interface/ssl, same for munin and monit if you use those.

    that's how I've done it, much less faffing around, and I can use the same certificate on all necessary services across multiple servers, and just leave letsencrypt to handle the hosted websites.

    for the other domains you have, i'd just go into the website settings, set subdomains to none, or www. and leave them to letscencrypt.
    if you need any other subdomains on them, just create them normally in ispconfig, and letsencrypt will handle those fine as well, as long as the correct A records exist for them.

    for the fscteknoloji.com domain you could instead of putting them in /usr/local/ispconfig/interface/ssl, as I said above, add them in the ssl tab in the control panel and save the cert, and then symlink to the files in /var/www/fscteknoloji.com/ssl instead. I did it the way I did because my main website using that domain is on a different server to the control panel interface. this way here is probably the simplest one for you.
     
  5. Sheshman

    Sheshman Member

    ok good idea, i've found a website which give s you 90 days free SSL certificate https://www.sslforfree.com/,i think i can do tests with it.

    In the ispconfig subdomains manual was saying use *. for subdomains so that's why i'm using that option, the part of "just create them normally in ispconfig" is confusing me, for example let's assume that i need to create destek.fscteknoloji.com, first i need to create an A record as "destek.fscteknoloji.com. -- my wan ip -- 3600" after that am i going to need to create an website as destek.fscteknoloji.com instead of creating subdomain from website->subdomain ?
     
  6. nhybgtvfr

    nhybgtvfr Active Member

    use subdomain for website.

    parent website fscteknoloji.com,
    host destek
    domain fscteknoloji.com
    redirect type and path depends on where you want the subdomain, in the parent domains docroot, or subfolder. and how you want that redirection (if used) flagged.

    or if you have create subdomains or aliasdomains as website options enabled,
    you can do the same using 'subdomain (vhost)'. you won't see this menu item if the options aren't enabled
    this will also ask for a webfolder path, so you can create the subdomain outside of /web if you want.

    subdomain for website will put everything in /web, or a subfolder thereof, and will add the subdomain as a ServerAlias in the parent domains vhost config, and if using letsencrypt, will add the subdomain fqdn to the parent domains letsencrypt certificate.

    the vhost subdomain will create a new vhost config file, with the vhosts docroot being the specified webfolder path. you can set separate php settings to this vhost, and it will have it's own set of certificate files, separate from the parent domain.
     
    Sheshman likes this.
  7. Sheshman

    Sheshman Member

Share This Page