[not solved] Lets encrypt - Problem Thunderbird

Hey there,

somehow Thunderbird does’t except my certificate anymore.
I use one of “lets encrypt” it works well with all apps but Thunderbird shows a different one.
Do i have to configure Roundcubes SSL also?

Cheers,
Mike

Hello,

Roundcube has nothing to do with Thunderbird, it’s just another webmail/mail client.
What you can do is check for you MX records to verify that your certificate is valid for your mail subdomain (ex: mail.yourdomain.tld).

Hey @thomas ,
first i had that idea too but the mail is using “yourdomain.tld” not “mail.yourdomain.tld” as far as i understand (?!?).

Cheers,
mike

Can you paste a copy of your MX records ?
Anonymize what you want :wink:

The MX record of my domain provider looks like this:

; Domain: mydomain.org
; Exported (y-m-d hh:mm:ss): 2015-12-05 07:18:21
;
; This file is intended for use for informational and archival
; purposes ONLY and MUST be edited before use on a production
; DNS server.
;
; In particular, you must update the SOA record with the correct
; authoritative name server and contact e-mail address information,
; and add the correct NS records for the name servers which will
; be authoritative for this domain.
;
; For further information, please consult the BIND documentation
; located on the following website:
;
; http://www.isc.org/
;
; And RFC 1035:
;
; http://www.ietf.org/rfc/rfc1035.txt
;
; Please note that we do NOT offer technical support for any use
; of this zone data, the BIND name server, or any other third-
; party DNS software.
;
; Use at your own risk.

; SOA Record
mydomain.org.	3600	IN	SOA	ns19.domaincontrol.com.	dns.jomax.net (
				2015101500
				28800
				7200
				604800
				600
				)

; A Records
@	600	IN	A	my.ip.address

; CNAME Records
email	3600	IN	CNAME	@
ftp	3600	IN	CNAME	@
www	3600	IN	CNAME	@

; MX Records
@	3600	IN	MX	0	@
@	3600	IN	MX	10	@

; NS Records
@	3600	IN	NS	ns19.domaincontrol.com
@	3600	IN	NS	ns20.domaincontrol.com

Well, I’m not a Bind expert but I’m guessing that the CNAME record is used to get mail. Have you requested a certificate for this domain ? Maybe that’s it
Thunderbird connects to your mail server usually not with “domain.com” but “imap.domain.com” or “mail.domain.com”. What is the mail server you used when you configured Thunderbird ?

Hey @thomas,
at the moment i use “mydomain.org” to fetch the mails…has not been a problem before.
I had a look at the documentation for the mail client and the DNS configuration and changed the dns configuration a little bit, it looks like this now:

 mydomain.org.	3600	IN	SOA	ns19.domaincontrol.com.	dns.jomax.net (
				2015120602
				28800
				7200
				604800
				600
				)

; A Records
@	600	IN	A	my.ip.adress
*	900	IN	A	my.ip.adress

; CNAME Records
email	3600	IN	CNAME	@
ftp	3600	IN	CNAME	@
muc	1800	IN	CNAME	@
pubsub	1800	IN	CNAME	@
vjud	1800	IN	CNAME	@
www	3600	IN	CNAME	@

; MX Records
@	3600	IN	MX	0	@
@	3600	IN	MX	10	@

; TXT Records
@	900	IN	TXT	"v=spf1 a mx -all"

; SRV Records
_xmpp-client._tcp.@	14400	IN	SRV	0	5	5222	@
_xmpp-server._tcp.@	14400	IN	SRV	0	5	5269	@

; AAAA Records
@	900	IN	AAAA	my.ip6.adress
*	900	IN	AAAA	my.ip6.adress

; NS Records
@	3600	IN	NS	ns19.domaincontrol.com
@	3600	IN	NS	ns20.domaincontrol.com

Thanks for your help… :+1:

So you still have the problem ? I have to recognize I got no more ideas sadly :frowning: Maybe someone passing by will have a better one ! Good luck

Maybe we have the same problem.

yunohost: 2017.02.04+0100
yunohost-admin: 2017.02.03+0100
moulinette: 2017.02.03+0100
ssowat: 2017.02.03+0100

Postfix version: 2.11.3

Feb 6 01:55:48 debianYNH postfix/smtpd[1944]: SSL_accept error from domainName[ip]: lost connectionI
certificate authority: Let’s Encrypt

postconf -n
http://paste.yunohost.org/ivirilofez.ini

I can also paste the contents of main.cf and master.cf if necessary