[Users] Certificate by domain work for 443 but not 993
tonster at tonster.com
Fri Jul 16 22:55:00 CEST 2021
You're correct, it's unsupported at this time for imaps/pop3s, and really I do not believe there is effort being made to change that. You would need to hack the nginx configurations to make it work, and you'd need to continually do that to make it work for upgrades so it's non-trivial to work-around it.
----- Original Message -----
From: "Anahuac" <anahuac at anahuac.eu>
To: "users" <users at lists.zetalliance.org>
Sent: Friday, July 16, 2021 4:41:01 PM
Subject: [Users] Certificate by domain work for 443 but not 993
I was setting up Let's Encrypt certificates by domain to a customer and realized that it works perfectly to access the webmail using a browser, but not when I try to use a e-mail client.
I followed all instructions from https://wiki.zimbra.com/wiki/SSL_certificates_per_domain like I have done thousand of times but then HTTPS work right but IMAP doesn't.
So I setup a tests environment, doing it all from the scratch and I can't figure it out:
- zimbraVirtualHostname : check
- let's encrypt generated and deployed : check
- access that domain on the browser : check
- access that domain on 993 : certificate error
I can see all the right confs in nginx.conf.mail.imaps like this:
#listen 993 ipv6only=off ssl;
listen 993 ssl;
#listen 993 ssl;
but when I test the certificate ir returns the default from the main domain, what causes the error.
You might like to test it yours selves
This returns the right CN:
openssl s_client -connect mail.testes.mailtester.com.br:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep CN
But when I change 443 by 993 it doesn't:
openssl s_client -connect webmail.testes.mailtester.com.br:993 </dev/null 2>/dev/null | openssl x509 -noout -text | grep CN
On this second one CN is the main server name, what means it's returning the default certificate and not the virtualhost one.
I'll love to hear your thoughts about it =)
Anahuac de Paula Gil
"É agitando que se transforma a vida, o homem, a sociedade, o mundo".
Anahuac - anahuac.eu
More information about the Users