1

Topic: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have the above configuration, and I am using SOGo, if this makes a difference.  Everything else is working, webmail, ActiveSync (thanks to someone here), mails send and receive on multiple domains.  And SMTP relay works. 

I recently changed my domain and had to set up the certificate in some config files for webmail to use the correct cert.  However, I just can't connect to IMAP in mail clients without it giving a certificate error due to it using the old domain's certificate - I don't know if this will affect SMTP and CardDAV/CalDAV or if they need separate configuration.

The tl;dr is where do you set the certificate used by IMAP, SMTP, CardDAV and CalDAV respectively.  If anyone can help I'd be most grateful.

Kind regards,
Michael


2

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

leyland wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have the above configuration, and I am using SOGo, if this makes a difference.  Everything else is working, webmail, ActiveSync (thanks to someone here), mails send and receive on multiple domains.  And SMTP relay works. 

I recently changed my domain and had to set up the certificate in some config files for webmail to use the correct cert.  However, I just can't connect to IMAP in mail clients without it giving a certificate error due to it using the old domain's certificate - I don't know if this will affect SMTP and CardDAV/CalDAV or if they need separate configuration.

The tl;dr is where do you set the certificate used by IMAP, SMTP, CardDAV and CalDAV respectively.  If anyone can help I'd be most grateful.

Kind regards,
Michael

/etc/ssl/private/iRedMail.key
/etc/ssl/certs/iRedMail.crt

If you have an intermediate/bundle certificate from the issuer, you should place it in the .crt file too, after the line
-----END CERTIFICATE-----

3

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

Thank you so much, I created symbolic links from my Let's Encrypt certs to those files, after backing them up.

That's how to make the links for anyone who has this issue in future, replace "mail.versasys.site" with your domain name.

user@server:/home/user# ln -s /etc/letsencrypt/live/mail.versasys.site/privkey.pem /etc/ssl/private/iRedMail.key 
user@server:/home/user# ln -s /etc/letsencrypt/live/mail.versasys.site/cert.pem /etc/ssl/certs/iRedMail.crt

4

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

leyland wrote:

Thank you so much, I created symbolic links from my Let's Encrypt certs to those files, after backing them up.

That's how to make the links for anyone who has this issue in future, replace "mail.versasys.site" with your domain name.

user@server:/home/user# ln -s /etc/letsencrypt/live/mail.versasys.site/privkey.pem /etc/ssl/private/iRedMail.key 
user@server:/home/user# ln -s /etc/letsencrypt/live/mail.versasys.site/cert.pem /etc/ssl/certs/iRedMail.crt

Did you test your SSL cert installation after this? Use _ttps://www.ssllabs.com/ssltest/ and look for 'Certificate Chain Complete'. If the test fails, you should use fullchain.pem instead of cert.pem.

5 (edited by leyland 2024-01-30 22:13:40)

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

The test comes back with an A rating, however the problem is still there when I use IMAP (I thought it worked last night but I think it timed out or something so I thought it had worked).  I must have set the certificate somewhere else manually, instead of changing the iRedMail ones.  I think as a workaround I'll just symlink the old domain certs to the new ones.

6

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

leyland wrote:

The test comes back with an A rating, however the problem is still there when I use IMAP (I thought it worked last night but I think it timed out or something so I thought it had worked).  I must have set the certificate somewhere else manually, instead of changing the iRedMail ones.  I think as a workaround I'll just symlink the old domain certs to the new ones.

Even this workaround didn't work, so some googling and testing reminded me that IMAP is controlled by Dovecot, and it seems I'd set the certificate manually there:

 /etc/dovecot/conf.d/10-ssl.conf 

But it is still not working so I'm at a loss.  Might have to reinstall the whole thing.
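
The question in this thread comes down to which certificate file each daemon is actually configured with. The following is an added example, not part of any post here and not iRedMail's own tooling: it scans the config files you pass it for the certificate directives of Dovecot, Postfix and nginx, resolves symlinks, and counts the certificates in each file (1 means leaf only, as in cert.pem; 2 or more means the chain is included, as in fullchain.pem). The function names are hypothetical, and the config paths in the usage comment other than /etc/dovecot/conf.d/10-ssl.conf are assumptions.

```shell
#!/bin/sh
# Added example: show which certificate file each service is configured with.
# Usage (the paths after 10-ssl.conf are assumptions, adjust to your install):
#   sh certmap.sh /etc/dovecot/conf.d/10-ssl.conf /etc/postfix/main.cf

# cert_paths FILE... -> "config<TAB>cert-path" for each certificate directive
cert_paths() {
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        # Dovecot:  ssl_cert = </path/to/cert
        # Postfix:  smtpd_tls_cert_file = /path/to/cert
        # nginx:    ssl_certificate /path/to/cert;
        # Commented-out lines and the *_key directives do not match.
        sed -n -E \
            -e 's/^[[:space:]]*ssl_cert[[:space:]]*=[[:space:]]*<[[:space:]]*([^[:space:]]+).*/\1/p' \
            -e 's/^[[:space:]]*smtpd_tls_cert_file[[:space:]]*=[[:space:]]*([^[:space:]]+).*/\1/p' \
            -e 's/^[[:space:]]*ssl_certificate[[:space:]]+([^[:space:];]+).*/\1/p' \
            "$conf" | while read -r path; do
                printf '%s\t%s\n' "$conf" "$path"
            done
    done
}

# chain_len FILE -> number of certificates in the PEM file, or "missing"
chain_len() {
    [ -r "$1" ] || { echo missing; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# report FILE... -> "config<TAB>cert-path<TAB>symlink-target<TAB>cert-count"
report() {
    cert_paths "$@" | while IFS="$(printf '\t')" read -r conf path; do
        target=$(readlink -f "$path" 2>/dev/null || echo "$path")
        printf '%s\t%s\t%s\t%s\n' "$conf" "$path" "$target" "$(chain_len "$path")"
    done
}

if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

Any row whose resolved target still sits under the old domain's directory, or whose count is "missing", is a service that was not switched to the new certificate.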

7

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

Did you restart all services? Just changing the cert path won't work.

8

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

Cthulhu wrote:

Did you restart all services? Just changing the cert path won't work.

I reboot the entire server after each change.

9

Re: Where do I set the certificate used for IMAP & SMTP & DAV? (SOGo)

Use a wildcard cert for the domain and use it for all services, including webmail and mailserver; this should fix all problems.