System version
NethServer release 7.8.2003 (final)
Kernel release
3.10.0-1127.19.1.el7.x86_64
I notice some strange behavior when setting up mail accounts: they cannot be configured on my internal network.
I suspect it's got something to do with my security certificates not being applied correctly, as when I set up the email account it doesn't resolve automatically, and when I set it up manually I get a security certificate warning, and when I view the certificate it's not the letsencrypt certificate; it appears to be the nethserver certificate.
If I manually install the certificate it still doesn't set up the mail account.
However, if I do this from outside my local network the email can be set up without an issue and I don't get the security certificate warning.
I also notice that even if I set up the account externally, every three months when the Let's Encrypt certificate gets renewed I get a message on the mail client asking me to renew the certificate, so it appears the renewed certificate from Let's Encrypt is not automatically being applied?
When I ping my mail server from the internal network I also get the public IP instead of the local IP?
I tried researching the issue but I don't appear to find anyone else with the same problem.
Welcome to the forum and glad to have you with us.
You can have a look at the Let’s Encrypt log if the sub-domain mail.FQDN responds correctly to the Let’s Encrypt challenge.
Last week, with a friend’s server, I had a similar Let’s Encrypt renewal and ping problem. It was the DNS records for mail. I had to delete the CNAME, add a MX record and also an A record for mail.FQDN. First time I had to add an A record pointing to the public IP of the server for mail, but after adding it, it worked. I do not understand why. The domain’s registrar was Gandi.
I am trying to reply but it says new users are only allowed two links per post, so I will have to try and break up my post into parts to see what this community forum's restrictions define as a link.
Thanks for your feedback.
I can't imagine the DNS records at the external registrar being a problem since these have not changed from before the issue arose. However, I could be wrong.
See the attached zone records. I have two A records for @ and www pointing at my public IP where the nethserver is.
I can't attach the whole letsencrypt log for today as it detects more than two links in it, and I am unable to post it because of a two link limitation per post for new users.
Sorry for the inconvenience with the limitation. It is there to prevent abuse from spammers/robots and so on, and goes away after spending some time in the community. You’ve been promoted to a more trusted user level. If you want to try again…
Damn algorithms…
Here’s some more info on why the limitations and how to format post and use the forum:
Should be archive_dir = /etc/letsencrypt/archive/wrightway.nz
I would say that there are already directories named /etc/letsencrypt/archive/wrightway.nz and /etc/letsencrypt/archive/wrightway.nz-0001, and maybe soon a 3rd one that will be named /etc/letsencrypt/archive/wrightway.nz-0002.
DNS Record:
● You have an A record www pointing to your IP; it should be a CNAME www pointing at @.
● The A record for mail should be named mail.wrightway.nz pointing to your IP.
● I do not understand why some CNAMEs are pointing at mail.xxxxx. (You have more than one mail server?) Maybe you can delete those CNAMEs as they are not really necessary for now.
Hi there,
Thank you for the feedback.
There is already a directory
/etc/letsencrypt/archive/wrightway.nz
and a directory
/etc/letsencrypt/archive/wrightway.nz-0001
So what must I do to resolve the problem?
I am also unable to navigate to my nethserver GUI environment using the FQDN; I have to use the local IP and ports.
It's as if the nethserver DNS is not working or something; however, if I ping my mail server using the FQDN I get a result from the IP.
The DNS records for A and www have been configured this way on my external registrar from the start and haven't been an issue.
Surely I should be pointing autodiscover, imap and smtp to the mail server?
You have more than one problem. Don’t worry, the forum is here to help you.
You should start by resolving the DNS records, then the certificate. (One problem at a time.)
Use the default NethServer certificate for now, then later when the DNS records are working properly, you can use Let’s Encrypt. (Start with simple configuration, then more complicated.)
Use only the default domain for mail, then later when it is working properly, you can configure the one for the other domains. (Again, start with simple configuration, then more complicated.)
When you register a domain, usually the registrar thinks (hopes) that you will be hosting your new domain with them and not on your own server; that is why he configures the DNS the way it is. The registrar Gandi thinks that way, maybe not yours.
Can you tell us who your domain registrar is so we know how he wants the DNS records? Example: The registrar Gandi wants to have a final period (.) at the end of the A record for mail, but not all other registrars require it.
Hi, I finally managed to resolve this issue after dealing with it for a few years.
It turns out it was a misconfiguration in my DNS. I pointed my router to nethserver as the DNS provider and removed the secondary DNS from it.
I then set my DNS on the NS dashboard to use itself as the primary and Google's as the secondary.
I am now finally able to send and receive email / configure clients on my internal network and even access my FQDN on server manager instead of my local IP.
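
A check for the two symptoms discussed in this thread, added here as an example and not posted by anyone in the thread: run from a LAN client, it reports whether the system resolver returns a private or public address for the mail host and whether the certificate served there was issued by Let's Encrypt. The host name in the usage comment, the default port 993 (IMAPS) and the function names are assumptions; the issuer strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example. Usage (hypothetical host): ./mailcheck.sh mail.example.org 993

# Return 0 if the IPv4 address is in an RFC 1918 private range.
is_private_ip() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify the line printed by "openssl x509 -noout -issuer".
# Matches both output styles, e.g. (constructed samples):
#   issuer=C = US, O = Let's Encrypt, CN = R3
#   issuer= /C=US/O=Let's Encrypt/CN=R3
classify_issuer() {
    case "$1" in
        *"Let's Encrypt"*) echo "lets-encrypt" ;;
        "") echo "no-certificate" ;;
        *) echo "other" ;;
    esac
}

# Combine both observations: $1 = resolved IP, $2 = issuer line.
verdict() {
    if is_private_ip "$1"; then scope="internal"; else scope="public"; fi
    echo "$scope/$(classify_issuer "$2")"
}

main() {
    host="$1"; port="${2:-993}"
    # First IPv4 answer from the resolver this client actually uses.
    ip=$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')
    # Certificate presented on that port, with SNI set to the host name.
    issuer=$(openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null)
    echo "resolver answer : ${ip:-none}"
    echo "certificate     : ${issuer:-none}"
    echo "verdict         : $(verdict "$ip" "$issuer")"
}

# Only touch the network when a host name is given.
if [ "$#" -ge 1 ]; then main "$@"; fi
```

A verdict of `public/other` from inside the LAN corresponds to the symptoms in the first post (public IP on ping, a certificate that is not the Let's Encrypt one); running the same check from outside the network gives the comparison point.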