Hello,
(Latest Virtualmin/Webmin/AuthenticTheme: 5.01/1.791/17.72)
Added subdomain mail.domain.tld and enabled SSL website. Used letsencrypt to retrieve and install certificate. After solving some issues with .htaccess file, it went OK. (BTW, I think Virtualmin should handle this possible issue by temporarily adding a 'whitelist' rule to .htaccess to avoid blocking of the validation URL, otherwise, the automatic renewal may be of no use at all). The certificate worked properly, accessing https://mail.domain.tld in Chrome confirmed it.
Then, tried to copy the certificate to Dovecot and Postfix as I also recommended my users to use mail.domain.tld for the IMAP/SMTP server address. Thunderbird doesn't recognize the certificate, Apple Mail the same, etc. From what I've understood, the problem is that at least for now we need to also send the intermediate certificate and then it works properly: https://community.letsencrypt.org/t/thunderbird-doesnt-like-letsencrypt-...
How can this be fixed/configured? From what I've seen, Virtualmin now uses its own letsencrypt client so I couldn't just change the .pem with the fullchain one as I don't know where to find it.
Comments
Submitted by jazzman on Wed, 04/20/2016 - 03:08 Comment #1
Submitted by JamieCameron on Wed, 04/20/2016 - 22:02 Comment #2
That's odd, as the intermediate cert should get copied as well. What exact error are you getting from Thunderbird?
Submitted by JamieCameron on Thu, 04/21/2016 - 00:40 Comment #3
Oh wait, I see the cause of this - it's due to a change in the intermediate cert issued by Let's Encrypt. The next Webmin release will fix it.
Or you can download the new cert from https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
Submitted by JamieCameron on Thu, 04/21/2016 - 00:40 Comment #4
Submitted by jazzman on Thu, 04/21/2016 - 04:31 Comment #5
OK, thanks. Where should I put the new cert? I assume that afterwards I just have to repeat the whole procedure.
Submitted by JamieCameron on Thu, 04/21/2016 - 20:00 Comment #6
You can upload or paste it in on the "CA certificate" tab of the "Manage SSL Certificate" page.
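
The check the mail clients in this thread perform can be reproduced offline. The following is an added example, not part of the original thread and not Virtualmin or Webmin code: it builds a throwaway root, intermediate and server certificate with `openssl`, then validates what the server would present with and without the intermediate. The names `demo-root`, `demo-inter`, `demo-leaf`, `cert.pem` and `fullchain.pem` are constructed for the demo.

```shell
#!/bin/sh
# Added example: why a client that trusts only the root rejects a server
# that presents its certificate without the intermediate.
# All certificates here are constructed, short-lived and local.

# Build root -> intermediate -> leaf in directory $1 (runs in a subshell).
make_demo_chain() (
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
      -subj "/CN=demo-$n" >/dev/null 2>&1 || exit 1
  done
  # Root: self-signed, stands in for the CA already in the client's trust store.
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.pem >/dev/null 2>&1 || exit 1
  # Intermediate: signed by the root; the client does not have it locally.
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out inter.pem >/dev/null 2>&1 || exit 1
  # Leaf: the server certificate, signed by the intermediate.
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 2 -out cert.pem >/dev/null 2>&1 || exit 1
  # What a correctly configured server presents: leaf first, then intermediate.
  cat cert.pem inter.pem > fullchain.pem
)

# Number of certificates in PEM file $1.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Return 0 if a client trusting only $1/root.pem can validate the file $2
# (first certificate = server cert, any others = chain certs sent with it).
client_accepts() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/$2" "$1/$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  make_demo_chain "$d" || return 1
  for f in cert.pem fullchain.pem; do
    if client_accepts "$d" "$f"; then r=accepted; else r=rejected; fi
    echo "$f ($(count_certs "$d/$f") certificate(s)): $r"
  done
  rm -rf "$d"
}
demo
```

Running `count_certs` against the file Dovecot or Postfix is configured to serve is a quick way to see whether the intermediate is included.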