NethServer release 7.8.2003 (final)
I notice some strange behavior with setting up mail accounts that they are not being able to be configured on my internal network.
I suspect it's got something to do with my security certificates not being applied correctly, as when I set up the email account it doesn't resolve automatically, and when I set it up manually I get a security certificate warning, and when I view the certificate it's not the Let's Encrypt certificate; it appears to be the NethServer certificate.
If I manually install the certificate it still doesn't set up the mail account.
However, if I do this from outside my local network the email can be set up without an issue and I don't get the security certificate warning.
I also notice that even if I set up the account externally, every three months when the Let's Encrypt certificate gets renewed I get a message on the mail client asking me to renew the certificate, so it appears the renewed certificate from Let's Encrypt is not automatically being applied?
When I ping my mail server from the internal network I also get the public IP instead of the local IP?
Tried researching the issue but I don't appear to find anyone else with the same problem.
Welcome to the forum and glad to have you with us.
You can have a look at the Let’s Encrypt log if the sub-domain mail.FQDN responds correctly to the Let’s Encrypt challenge.
Last week, with a friend’s server, I had a similar Let’s Encrypt renewal and ping problem. It was the DNS records for mail. I had to delete the CNAME, add a MX record and also an A record for mail.FQDN. First time I had to add an A record pointing to the public IP of the server for mail, but after adding it, it worked. I do not understand why. The domain’s registrar was Gandi.
Thanks for your feedback.
I can't imagine the DNS records at the external registrar being a problem since these have not changed from before the issue arose. However, I could be wrong.
See attached zone records. I have two A records for @ and www pointing at my public IP where the NethServer is.
Sorry for the inconvenience with the limitation. It is there to prevent abuse from spammers/robots and so on, and goes away after spending some time in the community. You’ve been promoted to a more trusted user level. If you want to try again…
Here’s some more info on why the limitations and how to format post and use the forum:
Should be archive_dir = /etc/letsencrypt/archive/wrightway.nz
I would say that there are already directories named /etc/letsencrypt/archive/wrightway.nz and /etc/letsencrypt/archive/wrightway.nz-0001, and maybe soon a 3rd one that will be named /etc/letsencrypt/archive/wrightway.nz-0002
● You have an A record www pointing to your IP; it should be a CNAME www pointing at @.
● The A record for mail should be named mail.wrightway.nz pointing to your IP.
● I do not understand why some CNAMEs are pointing at mail.xxxxx. (You have more than one mail server?). Maybe you can delete those CNAMEs as they are not really necessary for now.
You have more than one problem. Don’t worry, the forum is here to help you.
You should start by resolving the DNS records, then the certificate. (One problem at a time.)
Use the default NethServer certificate for now, then later when the DNS records are working properly, you can use Let’s Encrypt. (Start with a simple configuration, then more complicated.)
Use only the default domain for mail, then later when it is working properly, you can configure the one for the other domains. (Again, start with a simple configuration, then more complicated.)
When you register a domain, usually the registrar thinks (hopes) that you will be hosting your new domain with them and not on your own server; that is why he configures the DNS the way it is. The registrar Gandi thinks that way, maybe not yours.
Can you tell us who is your domain registrar so we know how he wants the DNS records? Example: The registrar Gandi wants to have a final period (.) at the end of the A record for mail, but not all other registrars require it.
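
An added example, not part of the original thread: a small checker for the record layout discussed in the replies above (an MX record whose target is a host with its own A record rather than a CNAME). The zone text, the `example.org` origin, the documentation IP 203.0.113.10 and the function names are all constructed for illustration.

```python
# Constructed sample zone, not the poster's real records.
SAMPLE_ZONE = """\
@     A      203.0.113.10
www   A      203.0.113.10
mail  CNAME  webmail.hosting.example.
imap  CNAME  mail
@     MX     10 mail
"""

def parse_zone(text, origin):
    """Return {fqdn: [(rtype, value), ...]} from simple 'name type value' lines."""
    def fqdn(name):
        if name == "@":
            return origin
        # A trailing dot means the name is already fully qualified.
        return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        name, rtype, value = parts[0], parts[1].upper(), parts[-1]
        if rtype in ("CNAME", "MX"):   # these values are host names
            value = fqdn(value)
        records.setdefault(fqdn(name), []).append((rtype, value))
    return records

def check_mail_records(records, origin):
    """List problems with the MX and mail-host records for origin."""
    problems = []
    mx_targets = [v for t, v in records.get(origin, []) if t == "MX"]
    if not mx_targets:
        problems.append(f"{origin}: no MX record")
    for target in mx_targets:
        types = {t for t, _ in records.get(target, [])}
        if "CNAME" in types:       # an MX target must not be an alias
            problems.append(f"{target}: MX target is a CNAME, use an A record")
        elif "A" not in types:
            problems.append(f"{target}: MX target has no A record")
    # CNAMEs inside this zone that point at a name with no records at all
    for name, rrs in records.items():
        for t, v in rrs:
            if t == "CNAME" and v.endswith("." + origin) and v not in records:
                problems.append(f"{name}: CNAME points at {v}, which has no records")
    return problems

if __name__ == "__main__":
    for p in check_mail_records(parse_zone(SAMPLE_ZONE, "example.org"), "example.org"):
        print(p)
```

Run against the sample it reports the `mail` alias; replacing that line with an A record for `mail` clears the report.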