1
new SM 8720 beta: where are ADDED: SNI SSL/TLS support options and settings?
Question asked by Gabriele Maoret - SERSIS - 11/17/2023 at 3:36 AM
Answered
I have installed the new SM 8720 beta, but can't find  SNI SSL/TLS support options and settings...

Where can I find them?
And also:

- is there a guide on how to configure everything?
- if there are any domain ALIAS, is there anything to do for these too?
Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)

11 Replies

Reply to Thread
0
Ann Kinser Replied
According to the SM 8720 beta documentation, SNI SSL/TLS support is enabled by default and can be configured in the following steps:

Go to the SSL/TLS tab in the Settings menu.
Click on the Add Certificate button to upload your SSL/TLS certificate and private key for each domain name you want to host on the same IP address.
Enter the domain name in the Server Name field and select the corresponding certificate from the Certificate dropdown menu.
Click on the Save button to apply the changes.
You can find more details and examples in the SM 8720 beta SNI SSL/TLS guide.
0
Sabatino Replied
Sni/ssl support is in the general tab of the domain

Here you can upload the certificate with the relevant key which must be consistent with the hostname field in the options tab of the domain I imagine

So that then as an imap/smtp/pop/eas endpoint you can use hostname

I believe it doesn't affect webmail at the moment
But you must already have the certificate somewhere as a pfx on disk.
So you have to generate it somehow

I don't think we have integrated self-generation systems at the moment
Sabatino Traini
      Chief Information Officer
Genial s.r.l. 
Martinsicuro - Italy

0
Ricardo Ranieri Replied
When we try to activate Let's Encrypt on Domain we always receive the error:

Domain validation has failed. Please ensure that the hostname is accessible through HTTP from the internet.

The hostname is correct as well as the http access.
0
Sabatino Replied
Oops
Enable ACME Certificate Authority integration I missed.

Settings/General

I'll try
Sabatino Traini
      Chief Information Officer
Genial s.r.l. 
Martinsicuro - Italy

0
Roger Replied
I have the same problem. When I try to automatically generate the SSL certificate for mail.mydomain.com for a domain name under General (Let's encrypt), I get the following error message:

None of the hostnames entered can be reached via HTTP. This is a prerequisite for automatic certificate creation.
Please fix this problem or go back and upload a certificate manually instead.


The FQDN is accessible via port 80 so I don't know what this error message is for. Do I have to remove the binding of the domain in IIS first? Where can I find the documentation for this?


0
I'm not able to use the new Let'Encrypt certificate...

I have two issues:


1 - Ann Kinser  wrote:
<<<<<<<
"You can find more details and examples in the SM 8720 beta SNI SSL/TLS guide."
>>>>>>>

I can't find that guide... Can you post the link to it?



2 - Ricardo Ranieri wrote: 

<<<<<<<<<<
When we try to activate Let's Encrypt on Domain we always receive the error:

Domain validation has failed. Please ensure that the hostname is accessible through HTTP from the internet.

The hostname is correct as well as the http access.
>>>>>>>>>>>>

Same issue here...
Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Nouman Saeed Replied
Ricardo, did you able to solve domain validation issue?
Nomi
0
Ricardo Ranieri Replied
I couldn't do it, always the same error
1
Tim Uzzanti Replied
Employee Post Marked As Answer
We are aware there are some compatibility issues with certifytheweb and considering different solutions to work around it.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Vivio Technologies Replied
Hi Tim, 

I am not sure if you have seen https://poshac.me/docs/v4/ maybe that might be an option to consider?  Not sure if it would work or not, but it was something we came across the other week. 

Sincerely, 

Mark Keymer
President
Vivio Technologies
0
echoDreamz Replied
https://github.com/natemcmaster/LettuceEncrypt we've used this for a few projects, it works brilliantly.

Reply to Thread