Hi All,
I have an issue with hestiacp and exim when receiving mail.
2020-03-21 12:42:45 TLS error on connection from mail-pf1-f173.google.com[209.85.210.173] (cert/key setup: cert=/usr/local/hestia/ssl/certificate.crt key=/usr/local/hestia/ssl/certificate.key): Error while reading file.
Some mail servers only use TLS, so I cannot receive mail from them.
Found something from vestacp that this should be solved with:
chmod 664 /etc/exim4/domains/$mydomain/aliases
but did not help.
So I know I could fix this with
copying over or symlink Key and Cert from
/etc/exim4/domains/$mydomain/ssl/
to
/usr/local/hestia/ssl/
but that would fix this only for one domain, wouldn’t it?
I have Hestiacp 1.1
Debian Stretch Up2date
I think this problem was already present before upgrading to 1.1
please help
Thanks
Thomas
Hi @atomskii
Thanks for your request! I think the easiest way is to run v-add-letsencrypt-host; this will generate a Let’s Encrypt SSL certificate for your host domain and will also add it to the most common services like exim, dovecot, hestiabackend and vsftp.
Thank you very much for your reply.
v-add-letsencrypt-host did it.
Would you be so kind as to explain the magic that is happening here? I would like to understand:
now
/usr/local/hestia/ssl/certificate.key|crt
is symlinked to
/home/atom/conf/web/mydomain.at/ssl/mydomain.key|crt
and when I check the certificate at /home/atom/conf/web/mydomain.at/ssl/mydomain.crt
it's issued for my server FQDN and not mydomain.at
But when I do a mail delivery test with this: https://www.checktls.com/TestReceiver
The cert I see there is the correct one for mydomain.at that I created with hestiacp, by enabling the TLS with Let’s Encrypt option?
So everything is working like expected, but why?
Thanks
Thomas
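An added example, not part of the thread and not HestiaCP code: a small shell check for the "Error while reading file" log line and the symlinked certificate.crt/certificate.key described above. It follows each path through its symlinks, distinguishes a missing file from a dangling link or a permission problem, and prints the certificate subject. The function names, the script name and the Debian-exim account name are assumptions.

```shell
#!/bin/sh
# Added example: check that a TLS cert/key pair can be read by the current user.
# Run it as the account the mail daemon uses, e.g. (assumption: exim4 on Debian
# runs as Debian-exim; check-tls-files.sh is a hypothetical script name):
#   sudo -u Debian-exim sh check-tls-files.sh CERT KEY

# check_tls_file PATH
# Returns 0 = readable, 1 = missing, 2 = dangling symlink, 3 = not readable.
check_tls_file() {
    path=$1
    if [ -L "$path" ] && [ ! -e "$path" ]; then
        echo "$path: dangling symlink -> $(readlink "$path")"
        return 2
    fi
    if [ ! -e "$path" ]; then
        echo "$path: missing"
        return 1
    fi
    # Resolve the whole symlink chain so the real file's owner and mode are shown.
    target=$(readlink -f "$path")
    if [ ! -r "$target" ]; then
        echo "$path: not readable by $(id -un) (target $target)"
        return 3
    fi
    echo "$path: ok -> $target ($(stat -c '%U:%G %a' "$target"))"
    return 0
}

# check_tls_pair CERT KEY
# Checks both files; returns 0 only if both are readable. If openssl is
# installed, also prints the certificate subject so the name can be compared
# with the host FQDN or the mail domain.
check_tls_pair() {
    pair_rc=0
    check_tls_file "$1" || pair_rc=$?
    check_tls_file "$2" || pair_rc=$?
    if [ "$pair_rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        openssl x509 -noout -subject -in "$1" 2>/dev/null \
            || echo "$1: not a parseable certificate"
    fi
    return "$pair_rc"
}

# Stand-alone use: pass the cert and key paths taken from the exim log line.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A result of 3 for the daemon account while root gets 0 points to ownership or mode on the resolved target, not on the symlink itself.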