I'm trying to make Haraka TLS work with a Let's Encrypt certificate without success.

I've copied the certificates to the Haraka config folder and configured the TLS.ini.

cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /home/jenkins/haraka/config/tls_key.pem
cp /etc/letsencrypt/live/MYDOMAIN/cert.pem    /home/jenkins/haraka/config/tls_cert.pem 

But when I test sending through TLS I get a certificate error.

"An error occurred while attempting to establish an SSL or TLS connection. The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons"

Has anyone configured Haraka successfully using Let's Encrypt certificates?

1 Answer

Are you missing the intermediary file?

You need to use fullchain.pem, not cert.pem.

Also, I think there may be a special property that needs to be set in the csr.pem indicating it’s for mail use, but the error you're getting more commonly applies to using cert.pem (which is useless on its own).

Also, it could be that the other server is outdated and doesn’t support the Let’s Encrypt root.pem yet.

P.S. Could you post the rest of the error message?

coolaj86
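
The fix from the answer above, as an added example that is not part of the original post or Haraka's own tooling: install `fullchain.pem` instead of `cert.pem`, and refuse a file that holds only the leaf certificate. The function names and the constructed sample files are assumptions; the target file names `tls_key.pem` and `tls_cert.pem` are the ones used in the question.

```shell
#!/bin/sh
# Added example: catch a leaf-only certificate file before Haraka serves it.

# Print how many certificates a PEM file contains (0 if unreadable).
pem_cert_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Return 0 for leaf + intermediate(s), 1 for leaf only, 2 for no certificate.
check_chain_file() {
    n=$(pem_cert_count "$1")
    case "$n" in
        0) echo "$1: no certificate found" >&2; return 2 ;;
        1) echo "$1: leaf only, clients cannot build a path to the root" >&2
           return 1 ;;
        *) echo "$1: $n certificates (leaf + intermediates)"; return 0 ;;
    esac
}

# Copy key and full chain from a Let's Encrypt live directory ($1)
# into a Haraka config directory ($2); abort if the chain is incomplete.
install_haraka_tls() {
    live_dir=$1; conf_dir=$2
    check_chain_file "$live_dir/fullchain.pem" || return 1
    cp "$live_dir/privkey.pem"   "$conf_dir/tls_key.pem" &&
    cp "$live_dir/fullchain.pem" "$conf_dir/tls_cert.pem" &&
    chmod 600 "$conf_dir/tls_key.pem"   # private key readable by owner only
}

# --- Constructed sample files (placeholder bodies, not real certificates) ---
mk_cert() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
                  'constructed-placeholder-body' \
                  '-----END CERTIFICATE-----'
}
demo=$(mktemp -d)
mk_cert > "$demo/cert.pem"                     # what the question copied
{ mk_cert; mk_cert; } > "$demo/fullchain.pem"  # leaf + intermediate
echo 'constructed-key' > "$demo/privkey.pem"
mkdir "$demo/config"

check_chain_file "$demo/cert.pem" || true      # reports the leaf-only file
install_haraka_tls "$demo" "$demo/config"      # installs the full chain
```

Against a running server, `openssl s_client -starttls smtp -connect HOST:PORT -showcerts` (HOST and PORT are placeholders) prints the chain the server actually presents.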