upgrading to Build 9504 on Windows 2019 - a word of advice + IIS Bindings for SSL certificates
Problem reported by Diego Discacciati - 1/13/2026 at 7:18 AM
Last night I upgraded to Build 9504 the usual way: turned off the smartermail website in IIS, uninstalled the old build and installed the new one... and I had a moment of panic... all certificates stopped working.
I use the certificate folder in smartermail.

I had to redefine the user for the certificates, reset the password and the path in IIS and re-give permission to the certificate user on the folder in smartermail. No idea why it happened but it happened.

It was good, however, as I also realized that smartermail now wants bindings in IIS for http, not only https. Meaning I was receiving a lot of messages for certificates that were not renewing because they were inaccessible through http, and I guess smartermail uses http rather than https to validate the domain for the certificate (which makes sense... when I installed my smartermail many years ago, lots of this was done manually so there was no need to have http in bindings for smartermail except for mail.domain.com to port 80).

However... adding bindings in the IIS smartermail site like smtp.domain.com, pop.domain.com, imap.domain.com, all for http port 80... solved all conflicts that were coming up with certificate renewals.
I wish they had it listed somewhere... I did have bindings for smtp, pop, imap but they were all for https port 443. Not having the bindings for http port 80 was creating problems with automatic certificate renewal.

I hope it helps somebody else...
Douglas Foster Replied
Hoping support will comment on this one. We all need to switch over to automatic certificate management, but I don't want to enable unencrypted user connections.
Diego Discacciati Replied
I know... it is kind of crazy, but it was the only way to get the automatic renewals of certificates. Now they are all working fine...
Well... technically in every smartermail mail domain you can choose in the options->security section to force all traffic through https... so that should restore your connections.
But still this binding to port 80 for certificate renewals might be something support should look into... it drove me crazy... for quite some time...
Reto Replied
@Diego We have only one http binding for 80 without a hostname on the sm site, works fine

@Douglas To my knowledge the LetsEncrypt http-01 challenge will always be on port 80. You can redirect to https and that is fine for the bot.
Diego Discacciati Replied
@Reto cannot use that, it is already used outside of smartermail... but any more elegant solution is welcome, I hate all those bindings in smartermail... even because we have few mail domains so I am sure I forgot to list one or two...

Also I did have all mail.mydomain.com bound to port 80. Unfortunately I cannot use just mydomain.com on port 80 in smartermail or a blank... I was under the impression that everything was going to be rerouted through mail.mydomain.com or webmail.mydomain.com ... to avoid conflicts with websites on the same domain... and it is possible that in the past it was because I never had the need to create those bindings in 15+ years? But as you said the http challenge changed that... I wish I had known that before, or an alternative solution... I had lots of problems with the automated certificates... never thought about this... till last night.

The other thing... (I am getting older so take it as it comes) I do not recall having that problem creating the certificates. I always had problems with the renewals... which does not make much sense... in theory it should be the opposite...
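
Added example, not part of any post above and not SmarterMail's own tooling: a PowerShell audit for the forgotten-binding problem discussed in the thread. It lists hostnames that have an https:443 binding on the site but no matching http:80 binding, and treats a blank-hostname port 80 binding (the setup Reto describes) as covering every hostname. The site name `SmarterMail` and the `$AddMissing` switch are assumptions; adjust them to your server.

```powershell
# Added example. Assumption: the IIS site is named "SmarterMail".
Import-Module WebAdministration

$SiteName   = 'SmarterMail'   # assumed site name, change to match IIS
$AddMissing = $false          # set to $true to create the missing bindings

function Get-BindingHost {
    param([string]$Site, [string]$Protocol, [int]$Port)
    foreach ($b in Get-WebBinding -Name $Site -Protocol $Protocol) {
        # bindingInformation is "IP:port:hostname"; read from the right so
        # IPv6 addresses (which contain colons) do not shift the fields.
        $parts = $b.bindingInformation -split ':'
        if ([int]$parts[-2] -eq $Port) { $parts[-1].ToLower() }
    }
}

$httpsHosts = @(Get-BindingHost $SiteName 'https' 443 |
                Where-Object { $_ } | Sort-Object -Unique)
$httpHosts  = @(Get-BindingHost $SiteName 'http' 80 | Sort-Object -Unique)

if ($httpHosts -contains '') {
    # A binding with no hostname answers for every name on that IP and port.
    Write-Output "Catch-all http:80 binding found on '$SiteName'; no per-host bindings needed."
}
else {
    $missing = @($httpsHosts | Where-Object { $_ -notin $httpHosts })
    if ($missing.Count -eq 0) {
        Write-Output "Every https hostname on '$SiteName' also has an http:80 binding."
    }
    foreach ($h in $missing) {
        Write-Output "Missing http:80 binding for $h"
        if ($AddMissing) {
            New-WebBinding -Name $SiteName -Protocol http -Port 80 `
                           -IPAddress '*' -HostHeader $h
        }
    }
}
```

Run it from an elevated PowerShell session on the IIS server, first with `$AddMissing = $false` to review the list.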
