Certificate self-signed in response for mail service in mail.domain.tld

bloops

Hi Everyone ,

I'm not sure what's wrong so if someone can explain the best way for this

My cloudron dashboard is in <my.app.domainA.tld> and apps are in sub-domain <n1.app.domainA.tld>, <n1.app.domainB.tld> etc...

And my mail service in <mail.domain.tld>.

Unfortunaly, Clondron serve the seft-signed certificate in this case for <mail.domain.tld>

There are no certificate in root domain, so I need to generate one manually or i need to do somethink else ?
My DNS provider is manual. A record is present for mail domain.

Thanks.

girish

@bloops Have you tried Domains -> Renew All Certs already ? I would also check the logs when renewing (the dropdown on the top right of that section), to see if it's managing to get certs for mail.domain.tld.

bloops

@girish This is what I did initially but didn't seem to generate a certificate.
Having made several modifications in the meantime, I am a little confused about the possible reasons why the certificate is now present.
It's ok now.

Maybe describe the way I've configured my mail service could help to understand and serve others :

1. Creating root domain <domain.tld> if different from install
2. Declare <mail> in mail server
3. Configure DNS (A, MX, DKIM, DMARC) for your sub-domain <mail.domain.tld>
   4 Activate inbound mailing

-> At this point, the DNS check should be all Green

For me, at this point, the certificate in response was seft-signed and DNS was green.
I've tried to "Renew certificates" but that didn't change anything.

Solution or modifications (I presume than this is why the certificate as been generate):

I create the sub-domain <mail.domain.tld> in "Domains & Certificates" and activate inbound mail in mail service.

So I think this is not the right way, cause I have inbound mail active in <mail.domain.tld> for mail server AND <domain.tld> for my accounts.

For the moment it's functional but I would like to return to my previous configuration.
What do you think is not good?

Thanks you .

girish

@bloops are you saying you created a Domain called mail.domain.tld ? This is not needed. I think the certificate issue could simply be a matter of DNS propagation. Especially, with manual DNS, depending on your provider, this can take a while and Cloudron has no way to check . In such cases, it will start using a self signed certificate initially. There is a nightly cron job to renew certs and that would kick in and get a certificate eventually.