1

Topic: SSL cert issues

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Hi,
everything's working fine as long as I use the self signed iredMail-cert. Bought a cert at startcom and followed howto -> http://www.iredmail.org/docs/use.a.boug … icate.html

nginx works and cert-check is fine
postfix works fine and ssl-check is fine
dovecot works fine and ssl-check is fine
caldav and activesync doesn't work "Can't verify account information!"

Configured the iRedMail self signed cert again -> caldav and activesync works.
Does anyone has a hint for me how to solve this? It's definetely nginx-related. Startcom delivers no separeted cert and root-bundle. The cert comes as one bundle file. Should I cut it into two parts?

Regards
Peter

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: SSL cert issues

First of all, I suppose startcom is not trustworthy nowadays after it was acquired by WoSign (do your homework with Google to figure out why WoSign is not trustworthy). So my PERSONAL suggestion is leaving it.

My another suggestion is, try Let's Encrypt, it's free. If you follow our tutorial strictly (the one in you post), it should work fine -- I already deployed many of them, no problem at all.

3

Re: SSL cert issues

ZhangHuangbin wrote:

First of all, I suppose startcom is not trustworthy nowadays after it was acquired by WoSign (do your homework with Google to figure out why WoSign is not trustworthy). So my PERSONAL suggestion is leaving it.

My another suggestion is, try Let's Encrypt, it's free. If you follow our tutorial strictly (the one in you post), it should work fine -- I already deployed many of them, no problem at all.

Thanks a lot for your reply. As far as I understood they are working at startcom to get back their reputation again, but nevertheless your solution is not acceptable for me because let's encrypt is an unknown authority for browsers. I am used to get an working class 3 cert from a well known ca.

4

Re: SSL cert issues

Okay, resolved it. Got a cert from comodo.

5

Re: SSL cert issues

nuwinfo wrote:

nevertheless your solution is not acceptable for me because let's encrypt is an unknown authority for browsers

I guess you'd better upgrade your web browser. smile
But if you're dealing with a lot end users, forget my word ... end users are hard to convince and change.