I tested the certificates with a cert chain checker and it worked fine. Also, when I called mail.domain.tld in a browser, the correct certificate was served. Something might be wrong with the Android client.. Maybe it does not use the name based configuration?
I have no idea, I am no expert in this. > Am 23.02.2016 um 18:21 schrieb Chris <ch...@espacenetworks.com>: > > Very cool. Inverse should add this issue to public FAQ or Knowledgebase on > sogo.nu > > SOGo should be made to detect TLS certificate issues with a wget command to > self-test verify the web interface and if it isn't setup properly, provide > the admin with a human language worded error message, if not also propose the > fix and/or apply the fix. Saving many admins running TLS secure web mail, > many, many hours of hunting this issue down. > > > > > On 2/23/2016 5:42 AM, Adrian Figueroa wrote: >> I solved the problem! >> >> It is stock android 5 (Moto G, GPE) with stock mail, by the way. It happens >> on multiple devices. >> >> It is like this: >> The mail client connects to my mail server. The mail server is called >> "mail.domain.tld". >> >> Now, another domain name on the same server (other.domain.tld) is supplied >> to the mail client by apache, while the certificate itself is served by the >> mail server (dovecot, postfix, ..). Obviously, the name of the domain now >> does not match the certificate. >> >> What I had to do was to add mail.domain.tld to the apache vhosts and make it >> the first to be served by appending 000_ at the beginning of the name of the >> vserver config. Now, name and certificate do match. >> >> I wonder why apache serves the mail client in the first place... >> >> Adrian >> >>> Am 22.02.2016 um 21:07 schrieb André Schild <an...@schild.ws>: >>> >>> Am 22.02.2016 um 17:42 schrieb Adrian Figueroa: >>>> Actually, I did provide the analyzer with valid login information. Maybe I >>>> should not pay too much attention to that 401 error. >>>> ActiveSync does work on any other device, also on Android with other >>>> clients (such as "nine"). >>>> >>>> Could it be, that Let's Encrypt certificates do not work on Android with >>>> the standard mail client? They do work in browsers. >>> Are you using Stock Android, or some other branded Android device? >>> Some manufacturers make modifications to such services... >>> >>> Does it happen on different devices? >>> >>> What Android Version? >>> >>> André >>> -- >>> users@sogo.nu >>> https://inverse.ca/sogo/lists > > -- > users@sogo.nu > https://inverse.ca/sogo/lists
smime.p7s
Description: S/MIME cryptographic signature