SSL uses self signed instead of Lets encrypt

Justin
Posts: 111
Joined: 18 Sep 2014 13:00
Location: The Netherlands


Post by Justin »

Hi there,

I'm using "hardenize" and "STARTTLS Everywhere" to check all my domain records, and both are giving errors on my MX server.
I have an EFA 3.2.6 server and an EFA 4 RC3 server, which both give the same error/result.

For some reason the tools pick up a self-signed certificate, which I've never seen before.
mx99.domain.nl
Issuer: unknown (self signed)
Not Before: 08 Feb 2019 10:20:28 UTC
Not After: 05 Feb 2029 10:20:28 UTC (expires in 9 years 3 months)
Key: RSA 2048 bits
Signature: SHA256withRSA

The certificate I'm using (and which shows when I browse to the domain) is a Comodo certificate (once this one expires, I will use Let's Encrypt).
*.domain.nl (wildcard)
Issuer: COMODO RSA Domain Validation Secure Server CA
Not Before: 04 Dec 2018 00:00:00 UTC
Not After: 16 Dec 2020 00:00:00 UTC
Key: RSA 2048 bits
Signature: SHA256withRSA

Any idea how I can fix this? Once this is done I can move on to MTA-STS and an error-free "STARTTLS Everywhere" result.

NOTE: domain.nl hides my real domain, just for security reasons.

Re: SSL uses self signed instead of Lets encrypt

Post by Justin »

After using Let's Encrypt, the certificate is correct.
How can I do this with my own certificates? Seems like the certificates used on HTTPS are not the same as the ones used on Postfix/EFA.
kommunen
Posts: 11
Joined: 25 Apr 2014 09:47

Re: SSL uses self signed instead of Lets encrypt

Post by kommunen »

That mx99.domain.nl certificate was automatically created when you installed EFA.

Its location is defined in /etc/postfix/main.cf. Look for smtpd_tls
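
One way to check what the reply above describes, as an added example that is not part of the original posts or of eFa's own tooling: read the certificate path from main.cf, test whether that certificate is self-signed, and compare it with what port 25 serves after STARTTLS. It assumes the standard Postfix parameter `smtpd_tls_cert_file` (the thread only says "smtpd_tls") and the `openssl` command line; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (helper names are hypothetical): which certificate is Postfix
# configured to present, is it self-signed, and is it what port 25 serves?

# Effective value of PARAM in a main.cf-style FILE. Postfix rules: '#' lines
# are comments, a line starting with whitespace continues the previous
# logical line, and the last assignment of a parameter wins.
main_cf_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (hit) { sub(/^[ \t]+/, ""); val = (val == "" ? $0 : (val " " $0)) }
            next
        }
        {
            hit = 0
            eq = index($0, "=")
            if (!eq) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != want) next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            hit = 1
        }
        END { sub(/[ \t]+$/, "", val); if (val != "") print val }
    ' "$1"
}

# Succeeds when issuer and subject names are identical, i.e. self-signed.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# SHA-256 fingerprint of the certificate HOST serves after STARTTLS on port 25.
smtp_fingerprint() {
    openssl s_client -starttls smtp -connect "$1:25" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
}

# Usage: check_mx_cert /etc/postfix/main.cf mx99.domain.nl
check_mx_cert() {
    cert=$(main_cf_value "$1" smtpd_tls_cert_file)
    echo "main.cf points at: ${cert:-<smtpd_tls_cert_file not set>}"
    if is_self_signed "$cert"; then echo "that certificate is self-signed"; fi
    if [ "$(openssl x509 -in "$cert" -noout -fingerprint -sha256)" = "$(smtp_fingerprint "$2")" ]
    then echo "port 25 serves the certificate from main.cf"
    else echo "port 25 serves a different certificate"
    fi
}
```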

Re: SSL uses self signed instead of Lets encrypt

Post by Justin »

kommunen wrote: 06 Nov 2019 07:56
That mx99.domain.nl certificate was automatically created when you installed EFA.

Its location is defined in /etc/postfix/main.cf. Look for smtpd_tls

Will this be overwritten by an update of eFa?

Re: SSL uses self signed instead of Lets encrypt

Post by kommunen »

Not unless you re-run the setup script.