Discussion:
[BlueOnyx:22520] SSL certificate for mail requiring to be trusted every time the certificate is renewed.
Fungal Style
2018-11-23 00:41:06 UTC
Hi all,

I must have missed something, but every 2 months when Let’s Encrypt updates the SSL, it needs to trust the server again.

Here is an example


Server1.domainname.com – has an SSL, all is fine
Mydomain.com – has an SSL certificate also enabled
Both are on the same server/IP address but are not linked in any other way (i.e. separate TLDs).

When the user checks email after the SSL has been updated they are prompted to trust the server1.domainname.com again, which can be confusing as they do not know the server’s name as it is a different TLD.

This is becoming frustrating as the user also has an iPhone and it will not allow the certificate to be trusted without either a) deleting and recreating the account or b) disabling the email account on the phone, creating a new account, having it trusted when prompted, and then deleting it and reverting back to the original email account (I have only read about this but it still seems a lot to do every 2 months).

Any ideas on what I am doing wrong or how to do it so the SSL will work more seamlessly?

Regards
Brian
Michael Aronoff
2018-11-23 01:48:45 UTC
Post by Fungal Style
Any ideas on what I am doing wrong or how to do it so the SSL will work more seamlessly?
BlueOnyx will always use the server name for the Sendmail process. You used to be able to tell Apple devices to accept the certificate once and it would remember it, or disable SSL, and that would stop the problems. However, with the more recent versions of iOS devices neither works. Even with SSL disabled it throws errors. It is like they include the setting to disable SSL but then ignore it. Very frustrating.



The only real solution is to explain to clients they are on shared hosting and have them use the server address for incoming and outgoing instead of their own domain name. Sure it is a little annoying but all the problems go away.



Happy Thanksgiving to everyone who celebrates this holiday. :)



______________________________
M Aronoff Out – ***@gmail.com
Fungal Style
2018-11-23 04:34:47 UTC
Michael,

Thanks, I was thinking along those lines. I may need to name the server more appropriately or something.

Regards
Brian

From: Blueonyx <blueonyx-***@mail.blueonyx.it> on behalf of Michael Aronoff <***@gmail.com>
Reply-To: Blueonyx mailing list <***@mail.blueonyx.it>
Date: Friday, 23 November 2018 at 12:57 pm
To: Blueonyx mailing list <***@mail.blueonyx.it>
Subject: [BlueOnyx:22521] Re: SSL certificate for mail requiring to be trusted every time the certificate is renewed.
Post by Fungal Style
Any ideas on what I am doing wrong or how to do it so the SSL will work more seamlessly?
BlueOnyx will always use the server name for the Sendmail process. You used to be able to tell Apple devices to accept the certificate once and it would remember it, or disable SSL, and that would stop the problems. However, with the more recent versions of iOS devices neither works. Even with SSL disabled it throws errors. It is like they include the setting to disable SSL but then ignore it. Very frustrating.

The only real solution is to explain to clients they are on shared hosting and have them use the server address for incoming and outgoing instead of their own domain name. Sure it is a little annoying but all the problems go away.

Happy Thanksgiving to everyone who celebrates this holiday. ☺

______________________________
M Aronoff Out – ***@gmail.com