· Tutorial ·

Requirements for the validation of a Let's Encrypt TLS certificate request for your Hosting email

A free TLS certificate can be installed in the email service of your Hosting, as long as a series of essential conditions are met for the certificate request to be validated by the Let's Encrypt certification authority that will issue the TLS certificate.

The requirements for the validation of a request of free certificate TLS Let's Encrypt for the mail of your Hosting with SWPanel, are the following ones:

a) To have in your customer account a registered domain on which the SSL certificate request must be made

enter image description here

b) That this registered domain has an associated Hosting service created in your customer account with its corresponding DNS servers assigned.

enter image description here

c) That the registered domain has the same DNS servers (Nameservers) configured corresponding to the hosting service to which the domain is associated.

enter image description here

enter image description here

At the moment of contracting your Smart Hosting, DNS servers (Nameservers) are assigned and automatically configured to the associated domain, if it is also registered in your SWHosting customer account.

If you have a Cloud server with SWPanel, you can define the DNS servers (Nameservers) at the time of creation of the Hosting and they will be automatically configured to the associated domain, if it is also registered in your SWHosting customer account.

d) Once the DNS servers (Nameservers) are associated to the domain, they are propagated on the Internet, so that the Let's Encrypt certification authority can check which DNS servers (Nameservers) are configured for that domain.

You can check that the DNS servers (Nameservers) assigned to your domain are already propagated on the internet, using tools such as whatsmydns.net and from the following URL https://www.whatsmydns.net/#NS/swmanuales.com (You must indicate the name of your domain instead of swmanuales.com).

enter image description here

e) That the DNS record of type CNAME with the name mail of your Hosting, corresponds exactly to the same IP of the mail server defined by the DNS record of type MX and that this information has been propagated on the Internet.

enter image description here

enter image description here

You can check the information propagated on the Internet about the IP corresponding to the CNAME record mail of the DNS zone of your domain with the following URL:

https://www.whatsmydns.net/#A/mail.swmanuales.com (You must indicate your domain name instead of swmanuales.com).

enter image description here

In practice, the entity Let's Encrypt, issuer of the TLS certificate, checks whether the IP of the mail server where your hosting is hosted and which is responsible for making the request for the TLS certificate matches the IP of the mail server defined in the MX type record of the DNS zone of the domain for which the certificate is to be issued. That is, if the IP of the mail server making the TLS certificate request for mail.yourdomain.com matches the IP of your mail server on the Internet.

If all the above requirements are met, you will be able to Activate a TLS certificate for mail of your Hosting with SWPanel.

i