Author Topic: Fix for "incomplete missing intermediate SSL" for mobile & other mail clients  (Read 639 times)

0 Members and 1 Guest are viewing this topic.

CWPpro version:

If you experience difficulty loading your email accounts on mobile devices or other mail servers it is most likely caused by the "incomplete or missing intermediate SSL error".

1. To reproduce:
1.1. Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
1.2. Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
1.3. Check your config at Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look
- It will show you a broken certificate chain.

2. Make the following changes via terminal:

2.1. Open dovecot config file:
Code: [Select]
nano /etc/dovecot/dovecot.conf
2.2.  Search for the following line:
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.crt
2.3. Then change the "hostname.crt" to "hostname.bundle":
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.bundle
2.4. Restart dovecot:
Code: [Select]
systemctl restart dovecot
2.5. Open postfix config file:
Code: [Select]
nano /etc/postfix/
2.6. Search for the following line:
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.crt
2.7. Change "hostname.crt" to "hostname.bundle" :
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.bundle
2.8. Restart postfix:
Code: [Select]
systemctl restart postfix

3 Check if problem is fixed now

3.1 Check your config at Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look.
- The chain should be complete now.

Thanks for the information. Good some body here is trying to help :)