Email SSL Certificate

Problem Description

Email clients are getting invalid SSL certs. I’ve configured the A record of mail.$DOMAIN, but upon an SSL check I get:
unknown: x509: certificate is valid for,, not mail.$DOMAIN

But for $DOMAIN itself, it’s fine:
The certificate currently available on $DOMAIN is OK. It is not one of the certificates affected by the Let’s Encrypt CAA rechecking problem. Its serial number is 04ccd2295f55703fba0b7476f5beda20a6e9

Do I need to do something with the config so that it uses the right SSL cert?

Any Error Messages

See above


  • Sympl Version [9.0/10.0]: 10.0.200127.0
  • Sympl Testing Version? [Yes/No]: No
  • Debian Version [Buster/Stretch]: Buster
  • Hardware Type? [Dedicated/Virtual/Pi]: VM
  • Hosted On? [name of hosting co]: mythic-beasts

At the moment, you need to use the bare domain (just rather than for the mail client.

Sympl only supports getting certificates for the bare domain and the www subdomain, but not the mail subdomain or any others, but that should be fixed in the next major version.

Theres a kludge to get this to work by adding an alias/symlink from to in /srv, then forcing a new cert request with sympl-ssl --force, but it’s not very elegant at present.

This kludge can cause problems with websites - suddenly mail… becomes a synonym for www… - and that opens up loads of problems and increases search engine and hacking access. I stopped doing this when I moved to Mythic - but am still getting bots trying to get into mail…

Might be better to have an email only separate domain for the mail. site. You can then symlink the mail directory over, and get the certificate. Will this work?

Maybe, but you’d probably be best off using a valid hostname for the mail clients for now - it can be any hostname for the server, as long as it has a valid SSL cert - it doesn’t have to match the mail domain.

1 Like

I will start using the server itself as the email server in the client settings rather than mail.$DOMAIN

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.