I have set up an email server using docker-mailserver. DKIM, SPF, and DMARC are configured fine.
SSL was set up using Let's Encrypt. Server has TLS and STARTTLS enabled.
I ran a TLS/SSL test on https://www.checktls.com/TestReceiver, and it said that my SSL works fine:
I am able to use Mozilla Thunderbird to receive and send email via the server:
However, when logging in to Thunderbird to receive email via IMAP, or when sending via SMTP, I see this warning (I am still able to send and receive email if I click on the "Confirm Security Exception" button.)
I checked a couple of other email TLS/SSL testing sites (1 and 2) and they seem to think my certs are not set up correctly ("The certificate doesn't match hostname").
Thoughts?
Update: I've managed to reach the point where imap.domainname.com is recognized by Thunderbird to have a valid certificate, but not imap.domainname.com:143. What would be a fix for this please?
Best Answer
The error message says exactly what your screenshots show: hostname in certificate does not match. You check your certificate with mail.yourdomain.com, and it says valid, so you created your certificate exactly for this hostname. You configure Thunderbird to use imap.yourdomain.com.
Unless you configured your certificates to contain subject alternative names and include "imap.yourdomain.com", the error message is absolutely correct.
By default every certificate includes exactly one hostname, and that has to match.
Another possibility would be to purchase a wildcard certificate *.yourdomain.com. Wildcard certificates are usually more expensive, while normal certificates with subject alternative names can even be free when using "Let's Encrypt" and renewing them every 90 days.
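
The mismatch described in the answer above, as an added example that is not part of the original answer: a simplified version of the name check a mail client performs, run against three constructed subject alternative name lists (single name, several names, wildcard). The function names and the `yourdomain.com` hostnames are placeholders chosen for illustration.

```python
# Added example: simplified hostname matching against a certificate's
# subjectAltName dNSName entries. All names are constructed placeholders.

def match_dns_name(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against the hostname the client was configured with."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only
        # when at least two fixed labels follow (rejects "*.com").
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h  # otherwise the names must be identical


def covered(san_dns_names, hostname) -> bool:
    """True if any SAN entry in the certificate matches the hostname."""
    return any(match_dns_name(s, hostname) for s in san_dns_names)


def audit(san_dns_names, client_hostnames) -> dict:
    """Map each hostname used in client settings to whether the cert covers it."""
    return {h: covered(san_dns_names, h) for h in client_hostnames}


def missing_names(san_dns_names, client_hostnames) -> list:
    """Hostnames that would have to be added to the certificate as SANs."""
    return [h for h, ok in audit(san_dns_names, client_hostnames).items() if not ok]


# Constructed sample data: names a client might be configured with ...
CLIENT_HOSTS = ["mail.yourdomain.com", "imap.yourdomain.com", "smtp.yourdomain.com"]
# ... and three ways the certificate could have been issued.
SAN_SINGLE = ["mail.yourdomain.com"]
SAN_MULTI = ["mail.yourdomain.com", "imap.yourdomain.com", "smtp.yourdomain.com"]
SAN_WILDCARD = ["*.yourdomain.com"]

if __name__ == "__main__":
    for label, sans in [("single", SAN_SINGLE), ("multi", SAN_MULTI),
                        ("wildcard", SAN_WILDCARD)]:
        print(label, audit(sans, CLIENT_HOSTS), "missing:",
              missing_names(sans, CLIENT_HOSTS))
```
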