Practicing with certificates: the Let's Encrypt certificate is created normally with win-acme, and OWA, IMAP and autodiscover work with SSL.
Testing with checktls, it gives me an alert message:
Cert Hostname DOES NOT VERIFY ,
(mail.contoso.com != mail | DNS:mail | DNS:mail.lan.contoso.com)
In this forum they mention something about the error.
Following the recommendations of this forum, my DNS settings:

Private AD DNS (lan.contoso.com)

| Record Type | DNS Name | Internal IP |
| --- | --- | --- |
| A | mail.lan.contoso.com | 192.168.1.4 |
| A | DC01.lan.contoso.com | 192.168.1.3 |

Private DNS (contoso.com) SPLIT

| Record Type | DNS Name | Internal IP |
| --- | --- | --- |
| A | mail.contoso.com | 192.168.1.4 |
| A | autodiscover.contoso.com | 192.168.1.4 |

Public DNS (contoso.com)

| Record Type | DNS Name | Value |
| --- | --- | --- |
| A | mail.contoso.com | xxx.xxx.xxx.xxx |
| A | autodiscover.contoso.com | xxx.xxx.xxx.xxx |
| MX | @ | mail.contoso.com |

The certificate is for the public domain, but SMTP sends me a response from the private AD domain and not from the split domain equal to the public domain.
What am I forgetting to configure? By the way, the PTR record is already registered by the ISP.
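
The check behind the alert quoted above, as an added example that is not part of the original post: it parses the checktls line and applies RFC 6125-style name matching to show that the certificate presented on SMTP carries only the internal names. It assumes the alert format is `(expected != CN | DNS:SAN ...)`; the function names and the second name list are constructed for illustration.

```python
import re

# Alert text as quoted in the post (checktls output).
ALERT = "(mail.contoso.com != mail | DNS:mail | DNS:mail.lan.contoso.com)"

def parse_alert(alert):
    """Return (expected_host, [names in the presented certificate]).
    Assumed format: '(expected != CN | DNS:san | DNS:san ...)'."""
    m = re.fullmatch(r"\(\s*(\S+)\s*!=\s*(.+?)\s*\)", alert.strip())
    if not m:
        raise ValueError("unrecognised alert format")
    names = []
    for part in m.group(2).split("|"):
        name = part.strip()
        if name.upper().startswith("DNS:"):
            name = name[4:]
        name = name.strip().lower().rstrip(".")
        if name and name not in names:   # CN is usually repeated as a SAN
            names.append(name)
    return m.group(1).lower().rstrip("."), names

def name_matches(host, pattern):
    """Exact match, or '*' standing for the whole left-most label only."""
    h, p = host.split("."), pattern.split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:       # reject over-broad patterns like '*.com'
        return h[1:] == p[1:]
    return h == p

def verify(host, names):
    """True when any certificate name covers the host the client connected to."""
    return any(name_matches(host, n) for n in names)

if __name__ == "__main__":
    expected, presented = parse_alert(ALERT)
    print("MX host expected by the sender:", expected)
    print("names in the SMTP certificate :", presented)
    print("verifies:", verify(expected, presented))
    # Constructed: the names a certificate issued for the public domain would carry.
    public_cert = ["mail.contoso.com", "autodiscover.contoso.com"]
    print("public-domain certificate verifies:", verify(expected, public_cert))
```

A sending server compares the MX name it looked up (`mail.contoso.com`) with the names in the certificate offered after STARTTLS, so a certificate that lists only `mail` and `mail.lan.contoso.com` fails regardless of how the DNS zones are split.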