Control Web Panel

WebPanel => E-Mail => Topic started by: motkoning on August 05, 2019, 06:19:44 AM

Title: Fix for "incomplete missing intermediate SSL" for mobile & other mail clients
Post by: motkoning on August 05, 2019, 06:19:44 AM
CWPpro version: 0.9.8.699

If you experience difficulty loading your email accounts on mobile devices or other mail servers it is most likely caused by the "incomplete or missing intermediate SSL error".

1. To reproduce:
1.1. Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
1.2. Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
1.3. Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look
- It will show you a broken certificate chain.


2. Make the following changes via terminal:


2.1. Open dovecot config file:
Code: [Select]
nano /etc/dovecot/dovecot.conf
2.2.  Search for the following line:
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.crt
2.3. Then change the "hostname.crt" to "hostname.bundle":
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.bundle
2.4. Restart dovecot:
Code: [Select]
systemctl restart dovecot
2.5. Open postfix config file:
Code: [Select]
nano /etc/postfix/main.cf
2.6. Search for the following line:
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.crt
2.7. Change "hostname.crt" to "hostname.bundle" :
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.bundle
2.8. Restart postfix:
Code: [Select]
systemctl restart postfix

3 Check if problem is fixed now

3.1 Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look.
- The chain should be complete now.
Title: Re: Fix for "incomplete missing intermediate SSL" for mobile & other mail clients
Post by: jnet on August 05, 2019, 06:22:55 AM
Thanks for the information. Good some body here is trying to help :)