I used the .org domain while setting up my droplet. I set up a DO domain record using DO nameservers and configured postfix to use the UK2 smtp server. In the UK2 control panel I changed nameservers to those of DO and changed the IP of the A record to my DO floating IP.
All went well, DNS propagated, mail was sending (and arriving), it even got an A rating from SSLLabs.
After much testing I then added the .co.uk domain.
All was good so I decided to bite the bullet and transfer the final domain, the .com. I set up a DO domain as per the .org and .co.uk. I reconfigured postfix from .org to .com (main.cf and mailname) and updated the LetsEncrypt cert to include all 3 domains. The site appears mainly fine, for all domains and with SSL.
However, there are now 2 issues…
1: Mail is getting bounced
I went back to the UK2 control panel to check mail settings and saw a message that I could not use mail unless the domain used UK2 nameservers.
I tried adding a DO MX record to point to UK2 mailserver but I didn’t have the IP. So I tried the alternative, using the UK2 nameservers (as preferred/recommended by UK2).
“lamp-1gb-lon1-zenlan postfix/local: E1704FFD35: email@example.com, relay=local, delay=0.03, delays=0.02/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: “info”)”
… the user firstname.lastname@example.org does exist and prior to adding the .com domain to the droplet, the .org was sending mail to that user successfully. The only thing I changed in main.cf was the hostname and myorigin (/etc/mailname) from .org to .com.
So, questions: should I definitely only use DO nameservers? If not, then any idea what is missing/faulty with regard to my DNS and/or postfix configuration?
2: SSL connections look fine but SSL tests fail. The .com gets an F rating from SSLLabs for the ‘DROWN’ vulnerability. The .org and .co.uk domains now fail with “Assessment failed: Unable to connect to the server”.
I suspect that the .com issue might be that while I have used LetsEncrypt on the droplet, I have an existing Namecheap positivessl certificate for the domain www.zenlan.com and it is still installed on the old server. I can’t see any way of deactivating it in the Namecheap control panel; it expires in 2 years. I will be decommissioning the old server as soon as I get this one sorted out.
Am I right in thinking that I have to somehow deactivate the old certificate? Is it to do with having all 3 domains on DO using the same certificate? Or is there another issue here?
Clear advice will be much appreciated. I have read so many articles on these topics that I can’t see the wood for the trees now! :)
Thanks for reading all that!