Let's Encrypt intermediate certificate

I have followed a tutorial that sets up Let's Encrypt on my server and then sets up a mail server (Dovecot and Postfix) on the same server (Ubuntu Server 16.04 with nginx). In the process I also created two e-mail addresses for the domain, which I want to use through the Mail client. However, I get the error "Unable to verify account name or password", and at http://www.checktls.com/perl/TestReceiver.pl I get the following error:

```
[001.075] Cert NOT VALIDATED: unable to get local issuer certificate
[001.075] this may help: What Is An Intermediate Certificate
[001.075] So email is encrypted but the domain is not verified
[001.075] ssl : scheme=ldap cert=140396633026752 : identity=mail.mysite.com cn=mysite.com alt=2 mysite.com 2 www.mysite.com
[001.075] Cert Hostname DOES NOT VERIFY (mail.mysite.com != mysite.com)
[001.076] So email is encrypted but the host is not verified
```

The full report:

```
seconds test stage and result
[000.123] Connected to server
[000.437] <-- 220 ubuntu-512mb-fra1-01.mysite.com ESMTP Postfix (Ubuntu)
[000.437] We are allowed to connect
[000.438] --> EHLO checktls.com
[000.558] <-- 250-ubuntu-512mb-fra1-01.mysite.com
              250-PIPELINING
              250-SIZE 10240000
              250-VRFY
              250-ETRN
              250-STARTTLS
              250-ENHANCEDSTATUSCODES
              250-8BITMIME
              250 DSN
[000.558] We can use this server
[000.559] TLS is an option on this server
[000.559] --> STARTTLS
[000.679] <-- 220 2.0.0 Ready to start TLS
[000.680] STARTTLS command works on this server
[000.947] ssl : new ctx 140396633279344 : start handshake : ssl handshake not started : not using SNI because hostname is unknown : set socket to non-blocking to enforce timeout=30 : call Net::SSLeay::connect : done Net::SSLeay::connect -> -1 : ssl handshake in progress : waiting for fd to become ready: SSL wants a read first : socket ready, retrying connect : call Net::SSLeay::connect : ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com : ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com : ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com : done Net::SSLeay::connect -> -1 : ssl handshake in progress : waiting for fd to become ready: SSL wants a read first : socket ready, retrying connect : call Net::SSLeay::connect : done Net::SSLeay::connect -> 1 : ssl handshake done
[000.949] SSLVersion in use: TLSv1.2
[000.949] Cipher in use: ECDHE-RSA-AES128-SHA256
[000.950] Connection converted to SSL
[000.979] Certificate 1 of 3 in chain:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            countryName               = US
            organizationName          = Let's Encrypt
            commonName                = Let's Encrypt Authority X3
        Validity
            Not Before: Oct 29 10:33:00 2016 GMT
            Not After : Jan 27 10:33:00 2017 GMT
        Subject:
            commonName                = mysite.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:dd:1e:5b:b8:0e:b6:06:f3:b5:8d:55:42:b8:d1:
                    f5:91:fd:74:03:f5:f5:5d:6e:8d:84:47:19:d7:28:
                    77:3d:47:33:50:bd:70:7a:bf:bf:97:fe:9a:bb:af:
                    31:71:db:d5:8b:dc:5a:22:11:4a:b9:c0:c7:2c:ba:
                    22:11:52:3d:f8:35:0b:f3:d8:f5:c5:a3:5d:0f:70:
                    df:d6:02:38:dd:a7:43:22:b2:ae:96:7a:a6:17:de:
                    70:89:e3:74:16:c6:ee:eb:04:37:99:44:f0:2c:10:
                    95:21:20:75:f9:b3:c8:d2:4a:c0:04:97:6d:fa:82:
                    10:a5:e7:9a:37:82:95:99:e3:d4:c2:65:1a:d0:60:
                    ef:18:8a:39:6c:0a:13:9e:00:a4:bd:57:03:55:ea:
                    11:33:61:29:41:99:32:9b:85:7d:76:b8:b3:99:46:
                    75:33:bf:de:10:52:ce:32:69:9a:36:3d:8b:5b:d1:
                    67:ff:66:ef:43:ea:8f:07:77:41:55:f5:f6:ba:6d:
                    e2:8f:4e:04:e4:c7:f1:fe:3b:6c:9c:8c:b2:b5:a8:
                    24:57:c8:50:eb:37:6c:ea:a4:59:d5:17:dd:31:c3:
                    ee:16:df:a4:3a:56:25:ea:38:3c:ab:d2:7f:2b:73:
                    7d:2e:d5:ca:ff:b9:e7:d2:d3:18:6b:60:14:f9:e8:
                    03:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                D9:81:23:A5:47:07:33:95:ED:67:F4:1C:79:48:64:EF:64:93:31:96
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
            X509v3 Subject Alternative Name:
                DNS:mysite.com, DNS:www.mysite.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
                  User Notice:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
    Signature Algorithm: sha256WithRSAEncryption
         75:54:a8:af:38:1e:79:64:5c:89:b7:43:5f:81:fd:20:cf:83:
         41:f4:f3:4c:53:45:5c:4b:4f:52:41:22:59:76:14:eb:41:30:
         46:d2:2a:0e:e3:f8:0a:5b:03:fb:a1:77:b5:95:05:b9:cd:2e:
         4a:d7:10:c1:d4:5d:fc:92:fa:30:c3:52:e4:35:02:f8:aa:c2:
         ea:9a:a5:81:9f:1e:82:ae:d4:0f:d1:ff:ab:a2:56:66:3c:7d:
         6c:55:87:c3:88:73:03:1a:c3:35:50:0a:7c:5d:c2:e6:fe:85:
         80:29:8b:57:a2:42:4f:db:b9:d0:2e:5f:27:fb:11:bb:cf:86:
         d5:97:17:2d:80:85:11:a1:27:c8:b9:98:fd:3c:a0:6d:d8:b9:
         54:28:1c:70:ea:6c:04:bd:01:26:0c:ac:05:7d:0e:8b:cf:30:
         10:a3:06:fa:62:86:35:a4:85:bb:c8:bc:c1:d7:b1:24:a4:95:
         cb:9b:51:88:62:02:42:d0:43:b4:85:59:57:2c:19:4c:29:6c:
         56:5b:f5:8d:b2:08:29:05:b1:61:5a:4b:91:dc:d0:51:8b:a8:
         31:dc:ee:84:0a:e6:2f:84:eb:8a:f8:db:b7:ba:40:ce:12:5a:
         af:c3:26:a3:27:d2:c1:d6:48:80:d2:2a:dc:82:70:8c:0e:04:
         36:7e:d3:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISA78LZ8O99pjtZrSGEVxEIuIbMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMjkxMDMzMDBaFw0x
NzAxMjcxMDMzMDBaMBcxFTATBgNVBAMTDGhleW1vbmRheS5zZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAN0eW7gOtgbztY1VQrjR9ZH9dAP19V1ujYRH
Gdcodz1HM1C9cHq/v5f+mruvMXHb1YvcWiIRSrnAxyy6IhFSPfg1C/PY9cWjXQ9w
39YCON2nQyKyrpZ6phfecInjdBbG7usEN5lE8CwQlSEgdfmzyNJKwASXbfqCEKXn
mjeClZnj1MJlGtBg7xiKOWwKE54ApL1XA1XqETNhKUGZMpuFfXa4s5lGdTO/3hBS
zjJpmjY9i1vRZ/9m70Pqjwd3QVX19rpt4o9OBOTH8f47bJyMsrWoJFfIUOs3bOqk
WdUX3THD7hbfpDpWJeo4PKvSfytzfS7Vyv+559LTGGtgFPnoA0UCAwEAAaOCAh8w
ggIbMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2YEjpUcHM5XtZ/QceUhk72STMZYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBi
MC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIMaGV5bW9uZGF5LnNlghB3d3cuaGV5bW9uZGF5LnNlMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHVUqK84HnlkXIm3Q1+B
/SDPg0H080xTRVxLT1JBIll2FOtBMEbSKg7j+ApbA/uhd7WVBbnNLkrXEMHUXfyS
+jDDUuQ1AviqwuqapYGfHoKu1A/R/6uiVmY8fWxVh8OIcwMawzVQCnxdwub+hYAp
i1eiQk/budAuXyf7EbvPhtWXFy2AhRGhJ8i5mP08oG3YuVQoHHDqbAS9ASYMrAV9
DovPMBCjBvpihjWkhbvIvMHXsSSklcubUYhiAkLQQ7SFWVcsGUwpbFZb9Y2yCCkF
sWFaS5Hc0FGLqDHc7oQK5i+E64r427e6QM4SWq/DJqMn0sHWSIDSKtyCcIwOBDZ+
0x4=
-----END CERTIFICATE-----
[001.005] Certificate 2 of 3 in chain:
          (byte-for-byte identical to certificate 1 above: same serial number
          03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b, same subject,
          same public key, same PEM; the repeated dump is omitted here)
[001.074] Certificate 3 of 3 in chain:
          (byte-for-byte identical to certificate 1 above; repeated dump omitted)
[001.075] Cert NOT VALIDATED: unable to get local issuer certificate
[001.075] this may help: What Is An Intermediate Certificate
[001.075] So email is encrypted but the domain is not verified
[001.075] ssl : scheme=ldap cert=140396633026752 : identity=mail.mysite.com cn=mysite.com alt=2 mysite.com 2 www.mysite.com
[001.075] Cert Hostname DOES NOT VERIFY (mail.mysite.com != mysite.com)
[001.076] So email is encrypted but the host is not verified
[001.076] ~~> EHLO checktls.com
[001.077] ssl write_all VM at entry=vm_unknown at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 554. partial `EHLO checktls.com ' at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 557. written so far 19:19 bytes (VM=vm_unknown) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 676.
[001.197] <~~ 250-ubuntu-512mb-fra1-01.mysite.com
              250-PIPELINING
              250-SIZE 10240000
              250-VRFY
              250-ETRN
              250-AUTH PLAIN LOGIN
              250-ENHANCEDSTATUSCODES
              250-8BITMIME
              250 DSN
[001.198] TLS successfully started on this server
[001.198] ~~> MAIL FROM:<[email protected]>
[001.199] ssl write_all VM at entry=vm_unknown at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 554. partial `MAIL FROM: ' at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 557. written so far 31:31 bytes (VM=vm_unknown) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 676.
[001.332] <~~ 250 2.1.0 Ok
[001.333] Sender is OK
[001.333] ~~> RCPT TO:<[email protected]>
[001.335] ssl write_all VM at entry=vm_unknown at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 554. partial `RCPT TO: ' at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 557. written so far 31:31 bytes (VM=vm_unknown) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 676.
[001.470] <~~ 250 2.1.5 Ok
[001.471] Recipient OK, E-mail address proofed
[001.471] ~~> QUIT
[001.473] ssl write_all VM at entry=vm_unknown at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 554. partial `QUIT ' at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 557. written so far 6:6 bytes (VM=vm_unknown) at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 676.
[001.592] <~~ 221 2.0.0 Bye
[001.595] ssl : free ctx 140396633279344 open=140396633279344 : free ctx 140396633279344 callback
```

As far as I understand, the problem lies with the certificate. What can I do to resolve this?

Looking at

not using SNI because hostname is unknown

and then at the hostname of the connection under test

ubuntu-512mb-fra1-01.mysite.com

commonName = mysite.com

**X509v3 Subject Alternative Name: DNS:mysite.com, DNS:www.mysite.com**

... I notice that the CN and the hostname of the server being connected to are different.

Secondly, all the certificates in the chain are the same:

```
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISA78LZ8O99pjtZrSGEVxEIuIbMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMjkxMDMzMDBaFw0x
NzAxMjcxMDMzMDBaMBcxFTATBgNVBAMTDGhleW1vbmRheS5zZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAN0eW7gOtgbztY1VQrjR9ZH9dAP19V1ujYRH
Gdcodz1HM1C9cHq/v5f+mruvMXHb1YvcWiIRSrnAxyy6IhFSPfg1C/PY9cWjXQ9w
39YCON2nQyKyrpZ6phfecInjdBbG7usEN5lE8CwQlSEgdfmzyNJKwASXbfqCEKXn
mjeClZnj1MJlGtBg7xiKOWwKE54ApL1XA1XqETNhKUGZMpuFfXa4s5lGdTO/3hBS
zjJpmjY9i1vRZ/9m70Pqjwd3QVX19rpt4o9OBOTH8f47bJyMsrWoJFfIUOs3bOqk
WdUX3THD7hbfpDpWJeo4PKvSfytzfS7Vyv+559LTGGtgFPnoA0UCAwEAAaOCAh8w
ggIbMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2YEjpUcHM5XtZ/QceUhk72STMZYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBi
MC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
Zy8wKQYDVR0RBCIwIIIMaGV5bW9uZGF5LnNlghB3d3cuaGV5bW9uZGF5LnNlMIH+
BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGe
DIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBS
ZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBD
ZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5v
cmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHVUqK84HnlkXIm3Q1+B
/SDPg0H080xTRVxLT1JBIll2FOtBMEbSKg7j+ApbA/uhd7WVBbnNLkrXEMHUXfyS
+jDDUuQ1AviqwuqapYGfHoKu1A/R/6uiVmY8fWxVh8OIcwMawzVQCnxdwub+hYAp
i1eiQk/budAuXyf7EbvPhtWXFy2AhRGhJ8i5mP08oG3YuVQoHHDqbAS9ASYMrAV9
DovPMBCjBvpihjWkhbvIvMHXsSSklcubUYhiAkLQQ7SFWVcsGUwpbFZb9Y2yCCkF
sWFaS5Hc0FGLqDHc7oQK5i+E64r427e6QM4SWq/DJqMn0sHWSIDSKtyCcIwOBDZ+
0x4=
-----END CERTIFICATE-----
```

That is why validation fails.

My hostname is vegas, and I use the LE certificate like this:

Requesting the certificate from LE:

```sh
/opt/letsencrypt/letsencrypt-auto certonly --agree-tos --email [email protected] --keep-until-expiring --webroot -w /usr/share/nginx/html --rsa-key-size 4096 -d vegas.jacobdevans.com --renew-by-default
```

Output of `grep vegas /etc/postfix/main.cf`:

```
smtp_tls_cert_file = /etc/letsencrypt/live/vegas.jacobdevans.com/fullchain.pem
smtp_tls_key_file = /etc/letsencrypt/live/vegas.jacobdevans.com/privkey.pem
```

SNI is not supported in Postfix (it is HTTPS-only), so I would dedicate a hostname to your MTA or add it to the SAN certificate.

Always use fullchain.pem.
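The two findings in the report ("unable to get local issuer certificate" and "Cert Hostname DOES NOT VERIFY") and the two fixes the answers above give (serve fullchain.pem rather than the bare leaf, and put the MTA's hostname in the SAN) can be reproduced offline. The script below is an added example written for this page, not code from the question or from either answer. It builds a throwaway root, intermediate and leaf with openssl (the CA names, the `served-*.pem` files and the `served_ok`/`report` helpers are all invented for the demo) and then plays the receiving side of the STARTTLS handshake with `openssl verify`, trusting only the root. The first served file mimics what the report shows, three copies of the leaf and no intermediate, which is what a client sees when the inbound `smtpd_tls_cert_file` in Postfix (checktls exercises the server side; the `smtp_tls_*` parameters shown in the answer above govern Postfix's outbound connections) points at certbot's cert.pem instead of fullchain.pem.

```shell
#!/bin/sh
# Added example for this page (not code from the question or the answers).
# Rebuilds the two checktls findings with a throwaway PKI and shows the fix.
# Everything here is constructed for the demo: the CA names, the files and
# the served_ok/report helpers are assumptions, not part of any tool.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Extension profiles for root, intermediate, the leaf from the report and
# a reissued leaf whose SAN also covers the MTA's hostname.
cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[int_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid
subjectAltName = DNS:mysite.com, DNS:www.mysite.com
[leaf_mail_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid
subjectAltName = DNS:mysite.com, DNS:www.mysite.com, DNS:mail.mysite.com
EOF

q() { "$@" >/dev/null 2>&1; }   # run an openssl step quietly

# Root CA: the only certificate the verifying client trusts.
q openssl req -x509 -config ext.cnf -extensions root_ext -days 30 \
  -newkey rsa:2048 -nodes -keyout root.key -out root.pem -subj "/CN=Demo Root"

# Intermediate CA (plays the role of "Let's Encrypt Authority X3").
q openssl req -new -config ext.cnf -newkey rsa:2048 -nodes \
  -keyout int.key -out int.csr -subj "/CN=Demo Intermediate"
q openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 30 -extfile ext.cnf -extensions int_ext -out int.pem

# Leaf as in the report (SAN: mysite.com, www.mysite.com), then the same CSR
# reissued with mail.mysite.com added, as certbot -d mail.mysite.com would do.
q openssl req -new -config ext.cnf -newkey rsa:2048 -nodes \
  -keyout leaf.key -out leaf.csr -subj "/CN=mysite.com"
q openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
  -days 30 -extfile ext.cnf -extensions leaf_ext -out leaf.pem
q openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
  -days 30 -extfile ext.cnf -extensions leaf_mail_ext -out leaf-mail.pem

cat leaf.pem leaf.pem leaf.pem > served-broken.pem     # the report: leaf x3, no intermediate (cert.pem)
cat leaf.pem int.pem           > served-fullchain.pem  # certbot fullchain.pem for the old SAN
cat leaf-mail.pem int.pem      > served-fixed.pem      # fullchain.pem after reissuing with mail. in SAN

# Play the receiving MTA / checktls: trust only the root store, take the
# certificates the server presented as untrusted chain material, and require
# the hostname we dialled to appear in the leaf's SAN.
# $1 = file with the certificates the server presented, $2 = hostname dialled
served_ok() {
  openssl x509 -in "$1" -out "$1.leaf"   # the leaf is the first cert presented
  openssl verify -CAfile root.pem -untrusted "$1" -verify_hostname "$2" "$1.leaf"
}

report() {
  if served_ok "$1" "$2" >/dev/null 2>&1; then
    echo "PASS  $1 dialled as $2"
  else
    echo "FAIL  $1 dialled as $2: $(served_ok "$1" "$2" 2>&1 | grep error | head -n 1)"
  fi
}

report served-broken.pem    mysite.com        # unable to get local issuer certificate
report served-fullchain.pem mail.mysite.com   # Hostname mismatch
report served-fullchain.pem mysite.com        # chain complete, name matches
report served-fixed.pem     mail.mysite.com   # both fixes applied
```

Run it with `sh` on any machine that has openssl: the first `report` line fails with the same "unable to get local issuer certificate" as the checktls output, the second fails on the hostname, and the last two pass. The same fullchain.pem file is what Dovecot expects in `ssl_cert = </etc/letsencrypt/live/<name>/fullchain.pem` for the IMAP side.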