
Issue Can't send emails

Zyne

New Pleskian
Hello,

I've got a problem with sending emails via smtp.
I'm currently hosting a board with the software named Woltlab Burning Board 4.1. So I switched my site to SSL, used a Cloudflare certificate for that but I can't send an account verification mail.

Error on WBB 4.1: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

My Plesk settings:

Websites & Domains: [screenshot]

E-Mail: [screenshot]


Settings in WBB 4.1:
SMTP-Server: My Server IP (can't use domain.tld? "Can not connect to domain.tld")
SMTP-Port: 25 (587 / 465 doesn't work)

What I've tried:

  1. sudo cp /etc/postfix/postfix_default.pem /usr/local/share/ca-certificates/postfix_default.crt
  2. sudo update-ca-certificates
Error:

stream_socket_enable_crypto(): SSL operation failed with code 5. OpenSSL Error messages: error:0200100D:system library:fopen:permission denied error:20074002:BIO routines:FILE_CTRL:system lib error:0B06F002:x509 certificate routines:X509_load_cert_file:system lib error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

sudo chmod a+r /usr/local/share/ca-certificates/postfix_default.crt

Error: stream_socket_enable_crypto(): Peer certificate CN=`Parallels Panel' did not match expected CN=`My Server IP'
 
Hi Zyne,

pls. don't mix "webmail" and "mail" - certificates.

Currently, you use the certificate "/etc/postfix/postfix_default.pem" in your postfix - configuration file at "/etc/postfix/main.cf", with the standard self-signed certificate from Plesk.

If you desire to use a different certificate for your mail - server, pls. consider to head over to "HOME > Tools & Settings > SSL/TLS - Certificates" and choose the desired certificate for the setting at "Certificate for securing mail". Pls. make sure, that the new certificate matches the server - hostname, so pls. check after your certificate changes with the example command:
Code:
openssl s_client -starttls smtp -connect YOUR-DOMAIN:25
... that the shown "CN" lists your domain - name, that you chose in your command. ;)
 
Ok, may I ask you one more question? Just to be sure.
I can't create an SSL certificate for my hostname "vps809****.ovh.net" via Let's Encrypt, so I changed this hostname to a subdomain called plesk.mydomain.com and made an A Name record for it on Cloudflare. I also changed the domain, where I can connect to the Plesk Control Panel, to plesk.mydomain.com. After that I created a certificate on Cloudflare, using my main domain called mydomain.com, a wildcard *.mydomain.com, webmail.mydomain.com and plesk.mydomain.com.
And now I need to create that SSL certificate under Home > Tools & Settings > SSL/TLS - Certificates (using Cloudflare Origin and Private Key) and choose that for "Certificate for securing mail", and everything should work now?
 
Hi Zyne,

a wildcard *.mydomain.com, webmail.mydomain.com and plesk.mydomain.com.
Wildcard certificates DON'T need additional subdomain specifications. It is absolutely enough to use "mydomain.com" and "*.mydomain.com", because this includes all possible combinations. ;)
 
Ok, I don't get it.

If I'm using my IP, I get this error:
PHP warning in file /var/www/vhosts/***.com/httpdocs/board/wcf/lib/system/io/RemoteFile.class.php (95): stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

With my domain instead:
Can not connect to ***.com

Some screens of my settings:

Woltlab settings: [screenshot]

Plesk settings: [3 screenshots]

Cloudflare settings: [screenshot]

What am I doing wrong?
 
Hi Zyne,

What am I doing wrong?
As already mentioned before, you should INVESTIGATE, if the used certificates match the desired domain - name(s):

Use for example:
Code:
true | openssl s_client -connect YOUR-DOMAIN.COM:995 | openssl x509 -noout -text | grep DNS:
to see the output of all included domain names and the primary CN - name.
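
Added example (not part of the original thread and not Plesk's own tooling): the name mismatch discussed above can be reproduced offline by asking OpenSSL which names a certificate covers. It goes slightly beyond the thread by also checking a two-label subdomain against the wildcard. The certificates, the names and the address 203.0.113.10 are constructed stand-ins, and `cert_covers`, `make_cert`, `report` and `demo` are hypothetical helper names; OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example. Certificates, names and the IP are constructed sample values.

# cert_covers PEM NAME: exit 0 if the certificate in PEM is valid for NAME.
# NAME is a DNS name, or an IPv4 address (matched against IP SANs only).
cert_covers() {
    case $2 in
        *[!0-9.]*) opt=-checkhost ;;  # anything but digits and dots: DNS name
        *)         opt=-checkip ;;
    esac
    # openssl prints "does match certificate" or "does NOT match certificate";
    # test the printed verdict rather than relying on the exit status.
    openssl x509 -in "$1" -noout "$opt" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_cert PEM CN [SAN]: write a throwaway self-signed certificate to PEM.
make_cert() {
    key=$(mktemp)
    if [ -n "${3:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" -keyout "$key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$key" -out "$1" 2>/dev/null
    fi
    rc=$?
    rm -f "$key"
    return $rc
}

# report PEM NAME...: print one verdict line per name.
report() {
    pem=$1; shift
    for n in "$@"; do
        if cert_covers "$pem" "$n"; then echo "  match     $n"
        else echo "  NO MATCH  $n"; fi
    done
}

demo() {
    dir=$(mktemp -d)
    # Stand-in for the default mail certificate: CN only, no SAN entries.
    make_cert "$dir/default.pem" "Parallels Panel"
    # Stand-in for a certificate issued for the apex plus a wildcard.
    make_cert "$dir/wild.pem" "mydomain.com" "DNS:mydomain.com,DNS:*.mydomain.com"
    echo "CN=Parallels Panel:"; report "$dir/default.pem" 203.0.113.10 plesk.mydomain.com
    echo "apex + wildcard:"; report "$dir/wild.pem" mydomain.com plesk.mydomain.com a.b.mydomain.com 203.0.113.10
    rm -rf "$dir"
}
demo
```

Pointing `cert_covers` at a PEM saved from the `openssl s_client` output shows whether the name entered as SMTP server in the board settings can ever verify against it.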
 