Hi Carl,
thank you for your reply!
I confirm that I mean that EMAIL clients are getting the warning.
I checked /etc/dovecot/dovecot.conf and I read this:
ssl_cert = </var/qmail/control/servercert.pem
ssl_key = </var/qmail/control/servercert.pem
moreover at the bottom of this file I have these lines:
local_name maindomain.it {
ssl_cert = </etc/letsencrypt/live/maindomain.it-0001/fullchain.pem
ssl_key = </etc/letsencrypt/live/maindomain.it-0001/privkey.pem
}
local_name mail.maindomain.it {
ssl_cert = </etc/letsencrypt/live/maindomain.it-0001/fullchain.pem
ssl_key = </etc/letsencrypt/live/maindomain.it-0001/privkey.pem
}
local_name otherdomain.it {
ssl_cert = </etc/letsencrypt/live/otherdomain.it/fullchain.pem
ssl_key = </etc/letsencrypt/live/otherdomain.it/privkey.pem
}
local_name mail.otherdomain.it {
ssl_cert = </etc/letsencrypt/live/otherdomain.it/fullchain.pem
ssl_key = </etc/letsencrypt/live/otherdomain.it/privkey.pem
}
all lines in /etc/dovecot/conf.d/10-ssl.conf are commented out except
these 2 lines:
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
but these 2 files are dated Jan 15 2022 so I think they aren't used...
Cesare
Il 20/06/2025 14:26, CarlC Internet Services Service Desk ha scritto:
Cesare,
Do you mean EMAIL clients are getting the warnings?
If so, it could be dovecot which supplies the setups for POP3/IMAP…
What certs are you using for those? Look in
/etc/dovecot/conf.d/10-ssl.conf or /etc/dovecot/dovecot.conf to see if
your using the correct certs…
Also, you could look at IMAP directly via:
openssl s_client -crlf -connect imap.example.com:993
Just replace imap.example.com with your domain or 127.0.0.1
Carl
*From:*Cinghiuz [mailto:[email protected]]
*Sent:* Friday, June 20, 2025 03:25 AM
*To:* [email protected]
*Subject:* [qmailtoaster] Certificate expired
Hi there,
I've got a strange issue with my production Qmail server: email
clients say that the certificate is expired, but if I check on Qmail
server I get this result:
[root@mail ~]# certbot certificates|grep days
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Expiry Date: 2025-07-14 19:07:08+00:00 (VALID: 24 days)
Expiry Date: 2025-09-12 21:57:08+00:00 (VALID: 84 days)
Expiry Date: 2025-07-14 18:56:29+00:00 (VALID: 24 days)
Expiry Date: 2025-07-14 18:57:18+00:00 (VALID: 24 days)
Expiry Date: 2025-07-14 18:57:28+00:00 (VALID: 24 days)
Expiry Date: 2025-07-14 18:57:36+00:00 (VALID: 24 days)
Expiry Date: 2025-09-12 21:57:56+00:00 (VALID: 84 days)
Expiry Date: 2025-08-16 14:45:25+00:00 (VALID: 57 days)
Expiry Date: 2025-07-14 18:58:55+00:00 (VALID: 24 days)
Expiry Date: 2025-07-11 16:57:23+00:00 (VALID: 21 days)
Expiry Date: 2025-07-14 18:59:10+00:00 (VALID: 24 days)
Expiry Date: 2025-08-16 14:45:40+00:00 (VALID: 57 days)
Expiry Date: 2025-08-16 14:45:58+00:00 (VALID: 57 days)
Expiry Date: 2025-07-14 18:59:29+00:00 (VALID: 24 days)
Expiry Date: 2025-08-16 14:46:11+00:00 (VALID: 57 days)
Expiry Date: 2025-08-16 14:46:23+00:00 (VALID: 57 days)
If I check the validity of /var/qmail/control/servercert.pem I got
this result:
Common Name : maindomain.it
Alternative Names : maindomain.it, otherdomain.com,
alternativedomain.it, xyz.com, [...], mail.maindomain.it,
mail.otherdomain.com, mail.alternativedomain.it, mail.xyz.com, [...]
Valid From : Apr 15,2025
Valid To : Jul 14,2025
Issuer : Let's Encrypt
Serial Number : 0x06[...]253
Also if I go to https://mail.maindomain.it I see that the certificate
is valid:
But email clients (Outlook, Thunderbird, etc.) say that there is
something wrong with the certificate:
What can I check to fix this issue?
Thanks a lot!
Cesare
