Certificate self-signed in response for mail service in mail.domain.tld
-
Hi Everyone
,I'm not sure what's wrong so if someone can explain the best way for this
My cloudron dashboard is in <my.app.domainA.tld> and apps are in sub-domain <n1.app.domainA.tld>, <n1.app.domainB.tld> etc...
And my mail service in <mail.domain.tld>.
Unfortunaly, Clondron serve the seft-signed certificate in this case for <mail.domain.tld>
There are no certificate in root domain, so I need to generate one manually or i need to do somethink else ?
My DNS provider is manual. A record is present for mail domain.Thanks.
-
@bloops Have you tried Domains -> Renew All Certs already ? I would also check the logs when renewing (the dropdown on the top right of that section), to see if it's managing to get certs for mail.domain.tld.
-
N nebulon marked this topic as a question on
-
@girish This is what I did initially but didn't seem to generate a certificate.
Having made several modifications in the meantime, I am a little confused about the possible reasons why the certificate is now present.
It's ok now.Maybe describe the way I've configured my mail service could help to understand and serve others :
- Creating root domain <domain.tld> if different from install
- Declare <mail> in mail server
- Configure DNS (A, MX, DKIM, DMARC) for your sub-domain <mail.domain.tld>
4 Activate inbound mailing
-> At this point, the DNS check should be all Green
For me, at this point, the certificate in response was seft-signed and DNS was green.
I've tried to "Renew certificates" but that didn't change anything.Solution or modifications (I presume than this is why the certificate as been generate):
I create the sub-domain <mail.domain.tld> in "Domains & Certificates" and activate inbound mail in mail service.
So I think this is not the right way, cause I have inbound mail active in <mail.domain.tld> for mail server AND <domain.tld> for my accounts.
For the moment it's functional but I would like to return to my previous configuration.
What do you think is not good?Thanks you .
-
@girish This is what I did initially but didn't seem to generate a certificate.
Having made several modifications in the meantime, I am a little confused about the possible reasons why the certificate is now present.
It's ok now.Maybe describe the way I've configured my mail service could help to understand and serve others :
- Creating root domain <domain.tld> if different from install
- Declare <mail> in mail server
- Configure DNS (A, MX, DKIM, DMARC) for your sub-domain <mail.domain.tld>
4 Activate inbound mailing
-> At this point, the DNS check should be all Green
For me, at this point, the certificate in response was seft-signed and DNS was green.
I've tried to "Renew certificates" but that didn't change anything.Solution or modifications (I presume than this is why the certificate as been generate):
I create the sub-domain <mail.domain.tld> in "Domains & Certificates" and activate inbound mail in mail service.
So I think this is not the right way, cause I have inbound mail active in <mail.domain.tld> for mail server AND <domain.tld> for my accounts.
For the moment it's functional but I would like to return to my previous configuration.
What do you think is not good?Thanks you .
@bloops are you saying you created a Domain called
mail.domain.tld? This is not needed. I think the certificate issue could simply be a matter of DNS propagation. Especially, with manual DNS, depending on your provider, this can take a while and Cloudron has no way to check . In such cases, it will start using a self signed certificate initially. There is a nightly cron job to renew certs and that would kick in and get a certificate eventually. -
G girish has marked this topic as solved on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login