Email server SSL cert mismatch

Bug Report Template

Description

I’m not sure if this is expected behavior or I’ve set something up incorrectly, but I’m getting an SSL certificate mismatch error when trying to check email from any non-web-based client. When I connect to the mail domain, which is an A record pointing from “mail” to the IP address of the server, the certificate used is for the server host instead. This is causing a warning and requiring the user to manually accept the host cert.

Steps to Reproduce

Setup email for customer. Connect to mail server.

Expected Behavior

Mailserver uses site SSL cert so no warning is displayed.

Actual Behavior

Mailserver serves server SSL cert and causes a mismatch.

Environment

ApisCP version: cpcmd misc:cp-version
revision: bded7612e3c72b1b6afe5478725350886d926a3f
timestamp: 1725552827
ver_maj: 3
ver_min: 2
ver_patch: 44
ver_pre: 29-gbded7612e
dirty: false
debug: false
Operating System: 4.18.0-553.16.1.el8_10.x86_64

Additional relevant information (e.g., PHP version, database, etc.):

Additional Information

Provide any additional information about the bug, such as error messages, logs, screenshots, or any other relevant details.

Refer to Help > Setup Instructions in the panel for optimal setup instructions.

If IMAP, POP3 report 993/995 respectively, then it’s good to go; these ports must be observed. 143/110 (respectively) don’t work due to protocol limitations in haproxy. I’ve raised this concern previously; the only clear pathway is to rewire haproxy with Envoy.

Thanks. I checked that settings page and the mailservers aren’t using the mail subdomain for some reason. Does the MX record need to point at the main domain?

No, it’s just a convention. So long as the IP address for the domain matches the mail server IP, it’s the same result.
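
To confirm which certificate the implicit-TLS mail ports from the thread (993/995) present for a given name, the following check sends that name as SNI and compares it against the certificate's subjectAltName entries. It is an added example, not part of the thread and not ApisCP code; the function names and the hostname in the usage comment are assumptions made for illustration.

```python
import socket
import ssl
import sys

IMPLICIT_TLS_PORTS = (993, 995)  # IMAPS / POP3S, the ports named in the thread

def san_dns_names(cert):
    """DNS subjectAltName entries from a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Exact match, or '*' standing for the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, hostname):
    return any(name_matches(n, hostname) for n in san_dns_names(cert))

def fetch_cert(hostname, port, timeout=5.0):
    """Implicit-TLS connect with hostname as SNI; return the certificate served.

    The chain is still validated against the system trust store (a self-signed
    certificate raises ssl.SSLCertVerificationError); only the hostname check
    is deferred so that a mismatch can be reported instead of raised.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()

def check_mail_host(hostname, fetch=fetch_cert):
    """Map each implicit-TLS port to (certificate covers hostname, SAN names)."""
    results = {}
    for port in IMPLICIT_TLS_PORTS:
        cert = fetch(hostname, port)
        results[port] = (cert_covers(cert, hostname), san_dns_names(cert))
    return results

if __name__ == "__main__":
    # Usage: python check_mail_cert.py mail.example.com  (constructed name)
    for port, (ok, names) in check_mail_host(sys.argv[1]).items():
        print(port, "OK" if ok else "MISMATCH", names)
```

Ports 143/110 are left out because the thread states they do not work behind haproxy.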