SSL on second hostname

M

maenda

Member
Jul 10, 2020
26
0
6
48
Hello,

An customer has an connection to the spam firewall but he wants to use his own hostname (anti-spam.domain.com) which is different from the configured domain name.
This is ofcourse working, but some checks complain about the SSL certificate on the hostname (which is normal, as it differs).

How can i add this in a good way, so the PMG handles the email for him in a correct way and has a valid SSL?

Thanks.
 
maenda said:
This is ofcourse working, but some checks complain about the SSL certificate on the hostname (which is normal, as it differs).
Click to expand...
which checks complain exactly (knowing this would help to know what path makes most sense to improve it)

maenda said:
How can i add this in a good way, so the PMG handles the email for him in a correct way and has a valid SSL?
Click to expand...
this is quite well explained in the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#sysadmin_certificate_management

without further details I'd say - check out the integrated ACME implementation - and just add both domain-names to the certificates.

I hope this helps!
 
Stoiko Ivanov said:
which checks complain exactly (knowing this would help to know what path makes most sense to improve it)


this is quite well explained in the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#sysadmin_certificate_management

without further details I'd say - check out the integrated ACME implementation - and just add both domain-names to the certificates.

I hope this helps!
Click to expand...
Hi Stoiko,

Thanks for your reply.

The site who complains is checktls.com
All is green accept the cert part.

Code: 
Certificate #1 of 4 (sent by MX): EXPIRED

Cert VALIDATION ERROR(S): certificate has expired

So email is encrypted but the recipient domain is not verified

Cert Hostname DOES NOT VERIFY (anti-spam.externaldomain.com != mx-1.pmgserver.nl | DNS:mx-1.pmgserver.nl)

So email is encrypted but the host is not verified

Not Valid Before: Nov 12 23:45:05 2021 GMT

Not Valid After: Feb 10 23:45:04 2022 GMT

The certificate on anti-spam domain is valid though. I checked that.

I already added the domain to the SSL manager in pmg but the test keeps yelling this :(
 
maenda said:
Cert VALIDATION ERROR(S): certificate has expired
Click to expand...
If you're using ACME then it seems that the automatic renewal does not work (or that you did not select SMTP and API for the Let's encrypt certificate usage - see the documentation I linked)
 
Hi Stoiko,

I understand but problem is the ssl seems to be working and is valid. Only the check states otherwise
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back