I run a Mailcow instance under e.g. mail.main.com and have configured another domain, secondary.com, under “Configuration –> Mail Setup”, which I’d like to use for sending/receiving mails.

Adding a new account to Thunderbird which checks the certificate of secondary.com:143 results in an error: The certificate belongs to another website. (Screenshot). Ignoring the certificate error and sending a mail to some Mail-Tester Website results in a decent score.

The command openssl s_client -starttls smtp -crlf -connect secondary.com:143 gives the following output:

    CONNECTED(00000003)
    Didn't find STARTTLS in server response, trying anyway...
    140555206051136:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 228 bytes and written 342 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---

I am running the WebUI behind the traefik reverse proxy and use certdumper to extract and insert the certificate (of mail.main.com!) at ./data/assets/ssl/
Further, I appended a screenshot of my DNS configuration, which seems to be fine.

Any help appreciated 🙂, since I am running out of ideas
Kind Regards
David

    dahe22 The certificate belongs to another website.

    Which one? (click “ansehen”)

    Port 80 for secondary.com terminates at mailcow for automatic ssl cert creation? No errors in acme-mailcow?

    The certificate shown is from mail.main.com
    The acme-mailcow Container is disabled since I am using traefik.

    Finally resolved it: the mail.main.com certificate which gets moved by the certdumper was missing the SAN.
    Adding these labels (additionally to the Host-Rule) to docker-compose.override.yml and restarting mailcow did the trick 😃

            - traefik.http.routers.mailcow.tls.domains[0].main=${MAILCOW_HOSTNAME}
            - traefik.http.routers.mailcow.tls.domains[0].sans=secondary.com
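
Added example, not part of the original thread or of mailcow/traefik: a Python check that lists which client-facing mail hostnames a certificate's SAN entries fail to cover, which is the condition behind Thunderbird's "belongs to another website" error. The sample certificates are constructed dicts in the shape returned by `ssl.SSLSocket.getpeercert()`, assuming `${MAILCOW_HOSTNAME}` is mail.main.com; the function names are hypothetical.

```python
import imaplib
import ssl

def san_dns_names(cert):
    """DNS entries from the subjectAltName of a getpeercert()-style dict."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' may only stand in for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a TLD such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert, hostnames):
    """Return the hostnames that no SAN entry of the certificate covers."""
    sans = san_dns_names(cert)
    return [h for h in hostnames if not any(name_matches(s, h) for s in sans)]

def fetch_imap_cert(host, port=143):
    """Fetch the certificate served after IMAP STARTTLS on the given port.

    The chain is still verified; the hostname check is left to uncovered()
    so that every missing name is reported instead of failing on the first.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    conn = imaplib.IMAP4(host, port)
    try:
        conn.starttls(ssl_context=ctx)
        return conn.sock.getpeercert()
    finally:
        conn.shutdown()

# Constructed sample data: the dumped certificate before and after adding
# the tls.domains[0].sans label (assumes MAILCOW_HOSTNAME=mail.main.com).
CERT_BEFORE = {"subjectAltName": (("DNS", "mail.main.com"),)}
CERT_AFTER = {"subjectAltName": (("DNS", "mail.main.com"), ("DNS", "secondary.com"))}
CLIENT_HOSTS = ["mail.main.com", "secondary.com"]

if __name__ == "__main__":
    print("before:", uncovered(CERT_BEFORE, CLIENT_HOSTS))
    print("after: ", uncovered(CERT_AFTER, CLIENT_HOSTS))
```

Against a live server, pass the result of `fetch_imap_cert("secondary.com")` to `uncovered()` together with every hostname that mail clients are configured to use.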