Server host domain change - mail server still use the previous domain in certificate

Discussion in 'Installation/Configuration' started by Petar, Feb 20, 2020.

  1. Petar

    Petar Member

    So we keep a perfect server 10 Apache installation with all the necessary settings and addons constantly updated as a base for installation of VPS's and with a host domain of lets say mail1.server1.com

    Then when we have to install a new server, we clone the base one and change all the needed documents and configurations with the new domain of lets say new2.domain2.net
    we change hosts, hostname, postfix main.cf, mailname, ispconfig web system server conbfig in all places, we then force reinstall the latest version ISPC and issue a new certificate with the new name and reboot several times in between this changes.

    But whatever we do, some certificate of the email server still keeps the old domain and if you want to connect Outlook to the new mail-host domain server, it always asks you if you want to accept the certificate (the old one) mail1.server1.com

    How can we delete and refresh this certificate with the new domain?

    I have asked this same questions some 6-7 months ago.
    At that time i didn't get any usable answers and having enough time, reinstalled the server and all misc from scratch.
    Now i'm stuck against the same wall and i'm begging you to consider this as a serious help issue, because i'm certain that a lot of our colleagues will find themselves in a similar or same situation without a clue.

    Just for the record, my last post about the same problem:
    https://www.howtoforge.com/community/threads/server-domain-change-problem-with-certificate.81735
     
  2. Steini86

    Steini86 Active Member

    Not all services use the same certificate. The one that is created during install is (in standard configuration) only(!) for the ispconfig web interface. That is the answer you got last time. You may want to use the same certificate for a lot of services, but have to do that by yourself!
    The certs for the websites are stored in /var/www/domain.com/ssl but can and should be changed via ispc webinterface
    The certificate used by postfix is defined in /etc/postfix/main.cf.
    Have a look with
    Code:
    postconf -n | grep 'cert_\|key_'
    which files are used. Exchange these certificates and reload postfix.
    The certs from dovecot are defined in /etc/dovecot/dovecot.conf:
    Code:
    grep 'ssl_key\|ssl_cert' /etc/dovecot/dovecot.conf
    Usually, they are the same than the postfix certs, if not replace them, too.
    ... and so on. Every service has its own certificates, although you could use the same for all.
    On how use LetsEncrypt certificates in these services see:
    https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
    Especially the section: "Using The Same Let's Encrypt SSL Certs For Other Major Services".
     

Share This Page