[Users] Certificate by domain work for 443 but not 993
Anahuac
anahuac at anahuac.eu
Fri Jul 16 22:41:01 CEST 2021
Hello guys,
I was setting up Let's Encrypt certificates by domain for a customer and realized that it works perfectly to access the webmail using a browser, but not when I try to use an e-mail client.
I followed all instructions from https://wiki.zimbra.com/wiki/SSL_certificates_per_domain like I have done thousands of times, but then HTTPS works right but IMAP doesn't.
So I set up a test environment, doing it all from scratch, and I can't figure it out:
- zimbraVirtualHostname : check
- let's encrypt generated and deployed : check
- access that domain on the browser : check
- access that domain on 993 : certificate error
I can see all the right confs in nginx.conf.mail.imaps like this:
server
{
    server_name mail.testes.mailtester.com.br;
    #listen 993 ipv6only=off ssl;
    listen 993 ssl;
    #listen 993 ssl;
    protocol imap;
    proxy on;
    timeout 60;
    proxy_timeout 2100;
    ssl_certificate /opt/zimbra/conf/domaincerts/testes.mailtester.com.br.crt;
    ssl_certificate_key /opt/zimbra/conf/domaincerts/testes.mailtester.com.br.key;
    sasl_service_name "imap";
}
but when I test the certificate it returns the default from the main domain, which causes the error.
You might like to test it yourselves.
This returns the right CN:
openssl s_client -connect mail.testes.mailtester.com.br:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep CN
But when I change 443 to 993 it doesn't:
openssl s_client -connect webmail.testes.mailtester.com.br:993 </dev/null 2>/dev/null | openssl x509 -noout -text | grep CN
On this second one the CN is the main server name, which means it's returning the default certificate and not the virtualhost one.
I'd love to hear your thoughts about it =)
Thanks
--
Anahuac de Paula Gil
"It is by agitating that one transforms life, man, society, the world".
Francisco Julião
Anahuac - anahuac.eu
Telegram: @anahuac