Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content

issue e.email domain a valid PKI cert on https, redirect well-known urls

Summary

thunderbird shows certificate errors for users entering their @e.email domain.

Description

currently, https://e.email offers a self-signed cert on https.

Thunderbird client checks by default - if not an oauth2 setup - for .well-known/ caldav and carddav endpoints resulting in warnings of an

Unknown Identity .. Legitimate banks, stores and other public sites will not ask you to do this

While thunderbird could handle well-known url probing more gracefully, a valid public cert on the base domain will keep thunderbird from erroring and confuse users.

see https://community.e.foundation/t/certificat-error-using-thunderbird-with-mail-ecloud-global/68302/6

thunderbird warning (1) and request behaviour (2) screenshots

wellknown-carddav-caldav1-fs8

wellknown-carddav-caldav2-fs8

Solution

  1. issue valid web pki cert on https://e.email
  2. (optionally) redirecting /.well-known/carddav and caldav to nextclouds remote.php/davs -> same behaviour as for murena.io

Alternative

The autoconfig spec draft offers to have calendar and addressbook sections to point e.email users directly to murena.io dav endpoints.

  <addressbook type="carddav">
  ...

  <calendar type="caldav">
  ...

service-typemail

Edited by tcecyk