Hi guys,
I have a problem when i try setup the starttls for inbounded email (start_esmtp_listener)
I start first with defaults configuration(without starttls ) anf it works fine but the moment when add those lines "tls_certificate = ‘/path/to/certificate’ " and "tls_private_key =‘/path/to/key’ "
After adding those line to init.lua configuration the listening port is not working (is not up for listening )
but when i remove the added line it start working again, any one face this type of issue
Hey there @meaningful-lemur, thanks for posting. Please read the “Troubleshooting” and “How to Ask for Help” buttons below. If you would like a 1:1 support session from the KumoMTA team, details are at the “Book a Support Session” button below.
show the error please
Did you actually create a TLS cert?
Please provide all the required information mentioned above. It is impossible to help without your configs and the actual error.
Yes i already create the tls cert and this my configuration init.lua
When i restart the kumomta service, the port 587 is not up to listening for inbounded email
I recommend moving the cert to your kumomta path. The kumod user needs access and the permissions need to be strict
This may help some
Yes, very likely a permissions issue.
thanks guys now the port is working with tls configuration but it gives me a new error when i test it with this website “www.smtper.net” Using Secured Connection
Sounds like you have a bad certificate 
- It could be that your cert does not match your hostname, or that the site you are connecting to does not like self signed certs, or that your cert is actually malformed… You may want to inspect the cert to make sure it is actually valid.
Though… I am thiking that is actually the remote cert issue
maybe set your Enable_TLS to OpportunisticInsecure
I recommend using openssl s_client -starttls smtp -crlf -connect appszone.xyz:25 to see what that says about the destination
the command you give me is working fine with my kumomta server , but when i use the website “www.smtper.net” it give me the same error
i use letsencrypt’s certificate as the article suggest and i still have the same issue , so the story is i want to connect my kumomta server with Firebase as smtp (so Firebase will send automatically email to my customers via my kumomta server) , and they forced you to use starttls or ssl to secure connection between Firebase and your smtp , so when i use telnet it work fine but with Firebase is not working , so i contact their support, and their answer was try the tools “www.smtper.net” if it work , the problem is in our side if not the problem is in your side (my kumomta ). when i test kumotomta in the website it give me the error mentioned above . but when i test my server kumomta in Firebase directly it give me this error in image.