K9 Mail One Cert for All Domains Postfix & Dovecot

Howdy folks,

I have a mail server I host for my personal email as well as business for myself and parents; however, I have one certificate for all domains,

CN=domain1
CN=domain2
CN=domain3
CN=domain4

and so on, but this K9 app doesn’t seem to like the certificate. When it updates I had to tell the app to use it. Would anyone have any ideas? My old phone never had this issue as it had an option for “Accept all certs” in the built-in app. My new phone doesn’t have a built-in mail app, but K9 Mail doesn’t have “Accept all certificates”. Or would it be possible to have it added as a feature?

Thanks.

Jack.

Sounds like you’re using a self-signed certificate. Why don’t you use a free certificate by a trusted certificate authority, e.g. Let’s Encrypt?

Automatically accepting all certificates is not a feature. It’s a security bug.

Hi

I am using a Let’s Encrypt cert for all the domains. I have all domains in one cert, but K9 Mail hates it; it works with everything else, though. K9 Mail shows the cert but it says it goes against the domain. Here is the output from Certbot:

Found the following certs:
  Certificate Name: mailcert
    Domains: mail.bamfords mail.kkeng mail.violet
    Expiry Date: 2022-04-16 19:25:39+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/mailcert/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mailcert/privkey.pem

Thanks.

I would suggest splitting certificates for different domains (not subdomains!) to different certificate files as you will have problems if your client runs into SNI denial…

I assume K-9 calls the IP after DNS lookup and tells the servers once after handshake which server (i.e. domain) it is looking for. After that, it ignores or doesn’t understand the SNI response…?

K-9 Mail checks the certificate against the server name entered under Settings → [Account] → Fetching mail → Incoming server → IMAP/POP3 server and Settings → [Account] → Sending mail → Outgoing server → SMTP server. Make sure those names match one in the server certificate.

If that doesn’t help, please post the exact error message K-9 Mail is displaying (or a screenshot).

Hi,

Yes, I see the problem now: the cert on the mail server has the hostname of mail, but the app connects via smtp. and imap., which are missing from the cert. Adding smtp and imap will fix the problem, I guess.

Thanks.

Jack.
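
An added example, not part of the thread: it parses `certbot certificates` output in the format posted above and lists the server names configured in the mail client that no certificate entry covers, using RFC 6125-style matching. The `example.*` names, the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample in the `certbot certificates` format shown in the thread;
# the example.* names are placeholders, not the poster's domains.
SAMPLE_CERTBOT_OUTPUT = """\
Found the following certs:
  Certificate Name: mailcert
    Domains: mail.example.test mail.example.org *.lists.example.test
"""

def parse_certbot_domains(text):
    """Return {certificate name: [domains]} from `certbot certificates` output."""
    certs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            certs[current] = []
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and current is not None:
            certs[current].extend(m.group(1).split())
    return certs

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_names(certbot_text, cert_name, client_names):
    """Names the client is configured with that the certificate does not cover."""
    sans = parse_certbot_domains(certbot_text).get(cert_name, [])
    return [h for h in client_names
            if not any(name_matches(s, h) for s in sans)]

if __name__ == "__main__":
    # Server names as they would be entered in the client's incoming/outgoing settings.
    configured = ["imap.example.test", "smtp.example.test", "mail.example.org"]
    for host in uncovered_names(SAMPLE_CERTBOT_OUTPUT, "mailcert", configured):
        print(f"{host}: no matching certificate name, the client will reject it")
```

Any name this reports has to be either added to the certificate or replaced in the client settings with a name the certificate already lists.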