I recently posted to this forum regarding SSL certificates and subdomains (https://www.virtualmin.com/node/59316) but I am wondering if I should actually take a step back and troubleshoot the issue at a wider scope.
The real issue at hand is that my email client software are refusing to acknowledge the certificate which has been issued and which does work for the https site.
For example, the text alert from Mac Mail Version 12.0 says:
Mail can't verify the identity of the server "mail.mysite.com". The certificate for this server is invalid. You might be connecting to a server that is pretending to be "mail.mysite.com" which could put your confidential information at risk. Would you like to connect to the server anyway?
Then, three buttons: Show certificate, Cancel, Continue
If I click "Show certificate", it provides these details:
mysite.com Issued by: Let's Encrypt Authority X3 Expires: Sunday, February 3, 2019 at 9:50:28 PM Eastern Standard Time + This certificate is marked as trusted for ded.mysite.com
(Followed by the deeper details on issuer and key, etc.)
Virtualmin does confirm that I have copied the key to the other services:
This SSL certificate is already being used by : Webmin, Usermin, Dovecot (host mysite.com), Postfix, ProFTPD
It may be important to note that my mail server is set up as mail.mysite.com
I freely admit that I am a bit of a lightweight in this field — and that Dovecot, Postfix, and SSL are the most mysterious and arcane corners of my work world.
Do I, in fact, have the servers set up incorrectly, which disallows the SSL certificate to do its work properly? If not, what changes do you recommend?
Let me know if there is more information that I might provide.