Unable to send mail from an untrusted domain

I have my own email server, and simply added my self-signed certificate into Thunderbird. However, when trying to send mail with NextcloudPi, it fails, and the logs give a Trusted domain error. How can I fix?

If you have a mail server, a real certificate would be a good idea especially because letsencrypt gives out free ones.

Who is giving you the trusted domain error? Nextcloud or your mailserver? You could then tell your server that you ignore certificate errors for certain hosts (although that would allow man-in-the-middle-attacks. Or you need to somehow import the self-signed cert manually. That could be a bit complicate, so I would try official certs first.

Thanks for the response. LetsEncrypt sounds great, but they expire every 90 days.

When I try to send a test message from Nextcloud, I get:

A problem occurred while sending the email. Please revise your settings. (Error: Connection could not be established with host mail.mydomain.com [ #0]) (I changed the domain to ‘mydomain.com’)

While looking through the access and error logs, I can’t seem to find what I saw before. Perhaps it’s not a trusted domain error.

How can I diagnose the email problem?

You run a cronjob to update your certificate regularly. If not you have to do it manually…

Do you see anything on the mailserver logs?

can you tell me where the mailserver logs are? If you’re talking about my mailserver, no, I don’t see a connection attempt.

Then probably the missing verified certificate ends the communication and no delivery attempt is made. How you add certificates manually depends a lot on how you send mails (through php command mail, sendmail-wrapper, …). I personally use a small footprint mail server (ssmtp) which is good to pass mails from webserver applications to a real mailserver. I don’t know how you configured your mailserver, you could use a TLS authenticate, this would be secure despite a missing official certificate: http://edoceo.com/howto/ssmtp

I would still prefer an official certificate. Either manage to make it work with letsencrypt and establish an automatic renewal process or consider perhaps buying a cheap certificate. I think there were some offers around 10-20$ a year.