Hi there,
I'm using "hardenize" and "STARTTLS Everywhere" to check all my domain records, and both are giving errors on my MX server.
I have a EFA 3.2.6 server and a EFA 4 RC3 server which both give the same error/result
For some reason the tools pick up a Self-Signed certificate, which i've never seen before.
mx99.domain.nl
Issuer: unknown (self signed)
Not Before: 08 Feb 2019 10:20:28 UTC
Not After: 05 Feb 2029 10:20:28 UTC (expires in 9 years 3 months)
Key: RSA 2048 bits
Signature: SHA256withRSA
The certificate i'm using (and shows when i browse to the domain) is a Comodo certificate (once this one expires, i will use Let's Encrypt)
*.domain.nl (wildcard)
Issuer: COMODO RSA Domain Validation Secure Server CA
Not Before: 04 Dec 2018 00:00:00 UTC
Not After: 16 Dec 2020 00:00:00 UTC
Key: RSA 2048 bits
Signature: SHA256withRSA
Any idea how i can fix this? Once this is done i can move on to MTA-STS and a error free "STARTTLS Everywhere" result.
NOTE: domain.nl hides my real domain, just to security reasons
SSL uses self signed instead of Lets encrypt
Re: SSL uses self signed instead of Lets encrypt
After using the Let's Encrypt the certificate is correct.
How can i do this with my own certificates? Seems likethe certificates used on HTTPS are not the same used on Postfix/EFA
How can i do this with my own certificates? Seems likethe certificates used on HTTPS are not the same used on Postfix/EFA
Re: SSL uses self signed instead of Lets encrypt
That mx99.domain.nl certificate was automatically created when you installed EFA.
Its location is defined in /etc/postfix/main.cf . Look for smtpd_tls
Its location is defined in /etc/postfix/main.cf . Look for smtpd_tls
Re: SSL uses self signed instead of Lets encrypt
Not unless you re-run the setup script.