This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
E-Mail / Fix for "incomplete missing intermediate SSL" for mobile & other mail clients
« on: August 05, 2019, 06:19:44 AM »
CWPpro version: 0.9.8.699
If you experience difficulty loading your email accounts on mobile devices or other mail servers it is most likely caused by the "incomplete or missing intermediate SSL error".
1. To reproduce:
1.1. Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
1.2. Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
1.3. Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look
- It will show you a broken certificate chain.
2. Make the following changes via terminal:
2.1. Open dovecot config file:
2.2. Search for the following line:
2.3. Then change the "hostname.crt" to "hostname.bundle":
2.4. Restart dovecot:
2.5. Open postfix config file:
2.6. Search for the following line:
2.7. Change "hostname.crt" to "hostname.bundle" :
2.8. Restart postfix:
3 Check if problem is fixed now
3.1 Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look.
- The chain should be complete now.
If you experience difficulty loading your email accounts on mobile devices or other mail servers it is most likely caused by the "incomplete or missing intermediate SSL error".
1. To reproduce:
1.1. Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
1.2. Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
1.3. Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look
- It will show you a broken certificate chain.
2. Make the following changes via terminal:
2.1. Open dovecot config file:
Code: [Select]
nano /etc/dovecot/dovecot.conf
2.2. Search for the following line:
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.crt
2.3. Then change the "hostname.crt" to "hostname.bundle":
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.bundle
2.4. Restart dovecot:
Code: [Select]
systemctl restart dovecot
2.5. Open postfix config file:
Code: [Select]
nano /etc/postfix/main.cf
2.6. Search for the following line:
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.crt
2.7. Change "hostname.crt" to "hostname.bundle" :
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.bundle
2.8. Restart postfix:
Code: [Select]
systemctl restart postfix
3 Check if problem is fixed now
3.1 Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look.
- The chain should be complete now.
Pages: [1]