Problème de certificat SSL sur SMTP - Problem with SSL certificate on SMTP server


:uk:/:us: Problem with SSL certificate on SMTP server

This post is very similar to Probleme avec certificat SSL et serveur SMTP - Problem with SSL certificat and SMTP

My YunoHost server

Hardware: VPS bought online
YunoHost version: (stable)
I have access to my server : Through SSH + through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi all, all the best for this new year 2023 :star_struck:

When I try to send an email, the email software complains about an expired SSL certificate. However, when I connect to the web, the SSL certificate is OK (dates OK, not expired).
I have several installations of Yunohost and this problem affects all installations where the let’sencrypt SSL certificate has been recently renewed.

More information

When checking tls cert on port 25 using //email/testTo: I get the following result:

seconds		test stage and result
[000.000]		Trying TLS on[my-server-ip:25] (-1)
[000.082]		Server answered
[001.018]	<‑‑	220 Service ready
[001.019]		We are allowed to connect
[001.019]	‑‑>	EHLO
[001.100]	<‑‑
250-SIZE 35914708
[001.100]		We can use this server
[001.101]		TLS is an option on this server
[001.101]	‑‑>	STARTTLS
[001.182]	<‑‑	220 2.0.0 Ready to start TLS
[001.182]		STARTTLS command works on this server
[001.397]		Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 4 (sent by MX): EXPIRED
Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
Cert Hostname VERIFIED ( = |
Not Valid Before: Oct  3 03:25:52 2022 GMT
Not Valid After: Jan  1 03:25:51 2023 GMT
subject: /
issuer: /C=US/O=Let's Encrypt/CN=R3

(domain name and server IP redacted for privacy but I can give the name on MP if someone wants to help :blush: )

but when I connect to the same domain using web, the certificate is OK (certificate renewed on 16/12/2022 05:25:38 UTC+1 and valid until 16/03/2023 05:25:37 UTC+1).
It seems that the SMTP server is using the previous SSL certificate!

What I tried to do

I restarted but no luck.

I checked on /etc/yunohost/certs/ : new certificated are generated with root:root rights when old ones have root:ssl-cert right. I used a chown root:ssl-cert on them but this didn’t fix the problem.
The symbolic links points well to the new certificate.

I tried to rollback to self signed certificate and use a new let’s encrypt certificate like suggested on Probleme avec certificat SSL et serveur SMTP - Problem with SSL certificat and SMTP but that didn’t fix the problem.

I’ve run out of ideas! :sob:

:fr: Problème de certificat SSL sur SMTP

Ce message est très similaire à Probleme avec certificat SSL et serveur SMTP - Problem with SSL certificat and SMTP

Mon serveur YunoHost

Matériel: VPS acheté en ligne
Version de YunoHost: (stable)
J’ai accès à mon serveur : En SSH + Par la webadmin
Êtes-vous dans un contexte particulier ou avez-vous effectué des modificiations particulières sur votre instance ? : non

Description du problème

Salut à tous et tous mes voeux pour cette nouvelle année 2023 :star_struck:

Lorsque j’essaie d’envoyer un email, le logiciel de messagerie se plaint d’un certificat SSL expiré. Pourtant, quand je me connecte en web, le certificat SSL est OK (dates OK, non expiré).
J’ai plusieurs installations de Yunohost et ce problème concerne toutes les installations sur lesquelles le certificat SSL let’sencrypt a été récemment renouvelé.
Plus de détails dans le message en anglais.

Did you try yunohost tools regen-conf postfix ?


this works perfectly. Thank you! :star_struck:
Is this command part of a cron which didn’t run?

WAAAAOU Thank you !!
Why the f… is it not an automatic command when the server certificate is renewed ?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.