SSL uses self signed instead of Let's Encrypt

Bugs in eFa 4
Justin
Posts: 104
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

SSL uses self signed instead of Let's Encrypt

Post by Justin » 05 Nov 2019 09:00

Hi there,

I'm using "hardenize" and "STARTTLS Everywhere" to check all my domain records, and both are giving errors on my MX server.
I have an EFA 3.2.6 server and an EFA 4 RC3 server, which both give the same error/result.

For some reason the tools pick up a self-signed certificate, which I've never seen before.
mx99.domain.nl
Issuer: unknown (self signed)
Not Before: 08 Feb 2019 10:20:28 UTC
Not After: 05 Feb 2029 10:20:28 UTC (expires in 9 years 3 months)
Key: RSA 2048 bits
Signature: SHA256withRSA

The certificate I'm using (and which shows when I browse to the domain) is a Comodo certificate (once this one expires, I will use Let's Encrypt).
*.domain.nl (wildcard)
Issuer: COMODO RSA Domain Validation Secure Server CA
Not Before: 04 Dec 2018 00:00:00 UTC
Not After: 16 Dec 2020 00:00:00 UTC
Key: RSA 2048 bits
Signature: SHA256withRSA

Any idea how I can fix this? Once this is done I can move on to MTA-STS and an error-free "STARTTLS Everywhere" result.

NOTE: domain.nl hides my real domain, just for security reasons.

Re: SSL uses self signed instead of Let's Encrypt

Post by Justin » 05 Nov 2019 10:09

After using the Let's Encrypt the certificate is correct.
How can I do this with my own certificates? Seems like the certificates used on HTTPS are not the same as those used on Postfix/EFA.

kommunen
Posts: 10
Joined: 25 Apr 2014 09:47

Re: SSL uses self signed instead of Let's Encrypt

Post by kommunen » 06 Nov 2019 07:56

That mx99.domain.nl certificate was automatically created when you installed EFA.

Its location is defined in /etc/postfix/main.cf. Look for smtpd_tls
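
The check described in the reply above, as an added example that is not part of the original thread: it reads the effective smtpd_tls_cert_file and smtpd_tls_key_file from a main.cf and tests whether the configured certificate is self-issued. The function names and the sample paths are assumptions made for the example; on a Postfix host, `postconf -h smtpd_tls_cert_file` returns the same value.

```shell
#!/bin/sh
sample_maincf() {  # constructed main.cf fragment: installer default, then an override
cat <<'EOF'
# constructed sample; paths are placeholders, not eFa's real ones
smtpd_tls_cert_file = /etc/pki/example/selfsigned.crt
smtpd_tls_key_file = /etc/pki/example/selfsigned.key
smtpd_tls_security_level = may
# override added later in the file; the last assignment wins
smtpd_tls_cert_file =
    /etc/pki/example/wildcard-fullchain.pem
smtpd_tls_key_file = /etc/pki/example/wildcard.key
EOF
}

# Print the effective value of a main.cf parameter, following Postfix's file rules:
# blank and comment lines are ignored, a line starting with whitespace continues
# the previous line, and the last assignment of a parameter wins.
maincf_param() {  # usage: maincf_param NAME FILE
    awk -v name="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        { eq = index($0, "=")
          if (eq == 0) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          val[cur] = substr($0, eq + 1) }
        END { if (!(name in val)) exit 1
              v = val[name]; gsub(/[ \t]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
              print v }' "$2"
}

# Exit 0 when subject and issuer are the same name, the usual mark of a
# self-signed certificate (no CA chain behind it).
cert_is_self_issued() {  # usage: cert_is_self_issued PEMFILE
    subj=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1") || return 2
    iss=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$1") || return 2
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

report_smtpd_cert() {  # usage: report_smtpd_cert /etc/postfix/main.cf
    cert=$(maincf_param smtpd_tls_cert_file "$1") || { echo "smtpd_tls_cert_file not set"; return 2; }
    echo "cert: $cert   key: $(maincf_param smtpd_tls_key_file "$1")"
    [ -r "$cert" ] || { echo "cannot read $cert"; return 2; }
    if cert_is_self_issued "$cert"; then echo "self-issued"; return 1; fi
    echo "issuer differs from subject (CA-issued)"
}

# Demo on the constructed sample only.
tmp=$(mktemp) && sample_maincf > "$tmp"
echo "effective smtpd_tls_cert_file: $(maincf_param smtpd_tls_cert_file "$tmp")"
rm -f "$tmp"
```

On the mail server itself, `report_smtpd_cert /etc/postfix/main.cf` reports the file that the SMTP listener serves, which is configured separately from the web server's HTTPS certificate.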

Re: SSL uses self signed instead of Let's Encrypt

Post by Justin » 11 Nov 2019 14:04

kommunen wrote (06 Nov 2019 07:56):
> That mx99.domain.nl certificate was automatically created when you installed EFA.
>
> Its location is defined in /etc/postfix/main.cf. Look for smtpd_tls

Will this be overwritten by an update of eFa?

Re: SSL uses self signed instead of Let's Encrypt

Post by kommunen » 11 Nov 2019 15:56

Not unless you re-run the setup script.
