Topic: Problem with Let's encrypt intermediate cert expired
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1
- Deployed with iRedMail Easy or the downloadable installer? dl
- Linux/BSD distribution name and version: debian 10.9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
on 29th resp. 30th of September Let's encrypt intermediate certificate R3 (and also X1 or so root) expired. I am having issues with iOS devices and Mac clients complaining about untrusted cert. On the detail pane on the Macs I see that the R3 intermediate is expired. OS on the clients is up2date. On the server I regenerated the cert and rebooted the machine, still no change.
The problem does not occur on the web interface using the same cert.
From the dovecot.conf I don't see the server is offering the intermediate at all...
ssl_cert = </etc/letsencrypt/live/<host>/cert.pem
ssl_key = </etc/letsencrypt/live/<host>/privkey.pem
While nginx effectively does...
where /etc/ssl/certs/iRedMail.crt is pointing to /etc/letsencrypt/live/<host>/fullchain.pem
Any idea how to fix this? The Internet is full of IIS and other web solutions, but I did not yet find anything relating to mail servers
Thanks in advance