How do I (manually) generate SSL for mailserver? ** Pls Help

Alex #1

My email suddenly stopped working as the SSL for mail.example.com expired.
I’ve seen this post [1] and I’ve renewed my SSL for mail.example.com in CyPanel, but although CyPanel says the certificate is valid, it is not [2] - I think this is an old bug that’s still surviving today in CyPanel [3]

As below, LE issued the SSL Mailserver cert for example.com

Why does CyPanel try to link that SSL certificate to the non-existent email ID email@example.com? The only email I’ve created is info@example.com

CyPanel MAIN LOG FILE

[05.12.2024_14-37-51] /root/.acme.sh/acme.sh --issue -d example.com -d www.example.com --cert-file /etc/letsencrypt/live/example.com/cert.pem --key-file /etc/letsencrypt/live/example.com/privkey.pem --fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[05.12.2024_14-37-56] Successfully obtained SSL for: example.com and: www.example.com
[05.12.2024_14-37-56] {'email@example.com': (550, b'5.1.1 <email@example.com>: Recipient address rejected: User unknown in virtual mailbox table')}

How do I manually generate a LE certificate for info@example.com ?
Many thanks

[1] I can't generate SSL for mail server - #2 by josephgodwinke
[2] Peer Certificate expired !? - #5 by alex32
[3] [BUG] Mail SSL fails every 90day · Issue #1119 · usmannasir/cyberpanel · GitHub

shoaibkk #2

Please show me, does the mail domain have SSL?

Alex #4

@shoaibkk, @usmannasir, @josephgodwinke Here are some more details. It looks like the acme-challenge didn’t work.
How do I fix it?

/root/.acme.sh/acme.sh --issue -d mail.clonimi.com --cert-file /etc/letsencrypt/live/mail.clonimi.com/cert.pem --key-file /etc/letsencrypt/live/mail.clonimi.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.clonimi.com/fullchain.pem -w /home/clonimi.com/mail.clonimi.com -k ec-256 --force --server letsencrypt  --log

[Fri May 17 02:43:19 PM UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:19 PM UTC 2024] Single domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Getting webroot for domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Verifying: mail.clonimi.com
[Fri May 17 02:43:21 PM UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Fri May 17 02:43:24 PM UTC 2024] Invalid status, mail.clonimi.com:Verify error detail:162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404
[Fri May 17 02:43:24 PM UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log

acme.sh.log

[Fri May 17 02:43:18 PM UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
[Fri May 17 02:43:18 PM UTC 2024] Running cmd: issue
[Fri May 17 02:43:18 PM UTC 2024] _main_domain='mail.clonimi.com'
[Fri May 17 02:43:18 PM UTC 2024] _alt_domains='no'
[Fri May 17 02:43:18 PM UTC 2024] Using config home:/root/.acme.sh
[Fri May 17 02:43:18 PM UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 17 02:43:18 PM UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri May 17 02:43:18 PM UTC 2024] _ACME_SERVER_PATH='directory'
[Fri May 17 02:43:18 PM UTC 2024] DOMAIN_PATH='/root/.acme.sh/mail.clonimi.com_ecc'
[Fri May 17 02:43:18 PM UTC 2024] '/home/clonimi.com/mail.clonimi.com' does not contain 'dns'
[Fri May 17 02:43:18 PM UTC 2024] Le_NextRenewTime='1711670896'
[Fri May 17 02:43:18 PM UTC 2024] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:18 PM UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:18 PM UTC 2024] GET
[Fri May 17 02:43:18 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 17 02:43:18 PM UTC 2024] timeout=
[Fri May 17 02:43:18 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:18 PM UTC 2024] ret='0'
[Fri May 17 02:43:18 PM UTC 2024] response='{
  "KrvW24m5Bow": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri May 17 02:43:18 PM UTC 2024] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_AUTHZ
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri May 17 02:43:18 PM UTC 2024] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri May 17 02:43:18 PM UTC 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 17 02:43:19 PM UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:19 PM UTC 2024] _on_before_issue
[Fri May 17 02:43:19 PM UTC 2024] _chk_main_domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _chk_alt_domains
[Fri May 17 02:43:19 PM UTC 2024] '/home/clonimi.com/mail.clonimi.com' does not contain 'no'
[Fri May 17 02:43:19 PM UTC 2024] Le_LocalAddress
[Fri May 17 02:43:19 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] Check for domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _currentRoot='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] d
[Fri May 17 02:43:19 PM UTC 2024] '/home/clonimi.com/mail.clonimi.com' does not contain 'apache'
[Fri May 17 02:43:19 PM UTC 2024] _saved_account_key_hash='/HEb0OyWpQ1QRs94zHwynO3fqHwKuWBI+M2XemIef5I='
[Fri May 17 02:43:19 PM UTC 2024] _saved_account_key_hash is not changed, skip register account.
[Fri May 17 02:43:19 PM UTC 2024] Read key length:ec-256
[Fri May 17 02:43:19 PM UTC 2024] _createcsr
[Fri May 17 02:43:19 PM UTC 2024] domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] domainlist
[Fri May 17 02:43:19 PM UTC 2024] csrkey='/root/.acme.sh/mail.clonimi.com_ecc/mail.clonimi.com.key'
[Fri May 17 02:43:19 PM UTC 2024] csr='/root/.acme.sh/mail.clonimi.com_ecc/mail.clonimi.com.csr'
[Fri May 17 02:43:19 PM UTC 2024] csrconf='/root/.acme.sh/mail.clonimi.com_ecc/mail.clonimi.com.csr.conf'
[Fri May 17 02:43:19 PM UTC 2024] Single domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] seg='mail'
[Fri May 17 02:43:19 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _idn_temp
[Fri May 17 02:43:19 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _idn_temp
[Fri May 17 02:43:19 PM UTC 2024] _csr_cn='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] seg='mail'
[Fri May 17 02:43:19 PM UTC 2024] Getting domain auth token for each domain
[Fri May 17 02:43:19 PM UTC 2024] seg='mail'
[Fri May 17 02:43:19 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _idn_temp
[Fri May 17 02:43:19 PM UTC 2024] d
[Fri May 17 02:43:19 PM UTC 2024] _identifiers='{"type":"dns","value":"mail.clonimi.com"}'
[Fri May 17 02:43:19 PM UTC 2024] _notBefore
[Fri May 17 02:43:19 PM UTC 2024] _notAfter
[Fri May 17 02:43:19 PM UTC 2024] STEP 1, Ordering a Certificate
[Fri May 17 02:43:19 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:19 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 17 02:43:19 PM UTC 2024] payload='{"identifiers": [{"type":"dns","value":"mail.clonimi.com"}]}'
[Fri May 17 02:43:19 PM UTC 2024] EC key
[Fri May 17 02:43:19 PM UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 17 02:43:19 PM UTC 2024] HEAD
[Fri May 17 02:43:19 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 17 02:43:19 PM UTC 2024] body
[Fri May 17 02:43:19 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:19 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Fri May 17 02:43:19 PM UTC 2024] _ret='0'
[Fri May 17 02:43:19 PM UTC 2024] _headers='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:19 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: q2KSHKoJWBIdEgfe5pFgYIwAOvbIlvQIqEs0xfA4PRzXA3wuw8c
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:19 PM UTC 2024] _CACHED_NONCE='q2KSHKoJWBIdEgfe5pFgYIwAOvbIlvQIqEs0xfA4PRzXA3wuw8c'
[Fri May 17 02:43:19 PM UTC 2024] nonce='q2KSHKoJWBIdEgfe5pFgYIwAOvbIlvQIqEs0xfA4PRzXA3wuw8c'
[Fri May 17 02:43:19 PM UTC 2024] POST
[Fri May 17 02:43:19 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 17 02:43:19 PM UTC 2024] body='{"protected": "eyJub25jZSI6ICJxMktTSEtvSldCSWRFZ2ZlNXBGZ1lJd0FPdmJJbHZRSXFFczB4ZkE0UFJ6WEEzd3V3OGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQzOTY0NjAxNiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im1haWwuY2xvbmltaS5jb20ifV19", "signature": "ZX0q7JqGRxJRaAdYdsUhDd03xANDGLraYKn27GMohAyLGVidGldyi1FmkivWeCzg_JK9ojU1-lAHsC25tBddaA"}'
[Fri May 17 02:43:19 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:19 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:19 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:20 PM UTC 2024] _ret='0'
[Fri May 17 02:43:20 PM UTC 2024] responseHeaders='HTTP/2 201 
server: nginx
date: Fri, 17 May 2024 14:43:20 GMT
content-type: application/json
content-length: 342
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/1439646016/270199995557
replay-nonce: q2KSHKoJ56YHgHHNm-R2C31RS-reBvL4b8REnC1uTYqf_KIhi-E
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:20 PM UTC 2024] code='201'
[Fri May 17 02:43:20 PM UTC 2024] original='{
  "status": "pending",
  "expires": "2024-05-24T00:07:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.clonimi.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1439646016/270199995557"
}'
[Fri May 17 02:43:20 PM UTC 2024] response='{"status":"pending","expires":"2024-05-24T00:07:05Z","identifiers":[{"type":"dns","value":"mail.clonimi.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1439646016/270199995557"}'
[Fri May 17 02:43:20 PM UTC 2024] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1439646016/270199995557'
[Fri May 17 02:43:20 PM UTC 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1439646016/270199995557'
[Fri May 17 02:43:20 PM UTC 2024] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] STEP 2, Get the authorizations of each domain
[Fri May 17 02:43:20 PM UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:20 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] payload
[Fri May 17 02:43:20 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:20 PM UTC 2024] Use _CACHED_NONCE='q2KSHKoJ56YHgHHNm-R2C31RS-reBvL4b8REnC1uTYqf_KIhi-E'
[Fri May 17 02:43:20 PM UTC 2024] nonce='q2KSHKoJ56YHgHHNm-R2C31RS-reBvL4b8REnC1uTYqf_KIhi-E'
[Fri May 17 02:43:20 PM UTC 2024] POST
[Fri May 17 02:43:20 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] body='{"protected": "eyJub25jZSI6ICJxMktTSEtvSjU2WUhnSEhObS1SMkMzMVJTLXJlQnZMNGI4UkVuQzF1VFlxZl9LSWhpLUUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM1MTY2NzA1MDQ1NyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQzOTY0NjAxNiJ9", "payload": "", "signature": "A-lVsIxArxMR2K_TZwqEmIhUV1rvyBMNbYvOKI64U-z8xLtwkjqY2NCFccaWoGcmMz8NrAat9cqZzRr5mxIADw"}'
[Fri May 17 02:43:20 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:20 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:20 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:20 PM UTC 2024] _ret='0'
[Fri May 17 02:43:20 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:20 GMT
content-type: application/json
content-length: 800
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: q2KSHKoJQ-QsSYGx8Wmhr39F79qN5hfiYQjKtzk-cqDtQJujDC0
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:20 PM UTC 2024] code='200'
[Fri May 17 02:43:20 PM UTC 2024] original='{
  "identifier": {
    "type": "dns",
    "value": "mail.clonimi.com"
  },
  "status": "pending",
  "expires": "2024-05-24T00:07:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
    }
  ]
}'
[Fri May 17 02:43:20 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}'
[Fri May 17 02:43:20 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}'
[Fri May 17 02:43:20 PM UTC 2024] _d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _authorizations_map='mail.clonimi.com,{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457
'
[Fri May 17 02:43:20 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Getting webroot for domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _w='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _currentRoot='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _idn_temp
[Fri May 17 02:43:20 PM UTC 2024] _candidates='mail.clonimi.com,{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"'
[Fri May 17 02:43:20 PM UTC 2024] token='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U'
[Fri May 17 02:43:20 PM UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] keyauthorization='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:20 PM UTC 2024] dvlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] d
[Fri May 17 02:43:20 PM UTC 2024] vlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457,'
[Fri May 17 02:43:20 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] ok, let's start to verify
[Fri May 17 02:43:20 PM UTC 2024] Verifying: mail.clonimi.com
[Fri May 17 02:43:20 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] keyauthorization='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:20 PM UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] _currentRoot='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] wellknown_path='/home/clonimi.com/mail.clonimi.com/.well-known/acme-challenge'
[Fri May 17 02:43:20 PM UTC 2024] writing token:h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U to /home/clonimi.com/mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U
[Fri May 17 02:43:20 PM UTC 2024] Trigger domain validation.
[Fri May 17 02:43:20 PM UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] _t_key_authz='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:20 PM UTC 2024] _t_vtype='http-01'
[Fri May 17 02:43:20 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:20 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] payload='{}'
[Fri May 17 02:43:20 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:20 PM UTC 2024] Use _CACHED_NONCE='q2KSHKoJQ-QsSYGx8Wmhr39F79qN5hfiYQjKtzk-cqDtQJujDC0'
[Fri May 17 02:43:20 PM UTC 2024] nonce='q2KSHKoJQ-QsSYGx8Wmhr39F79qN5hfiYQjKtzk-cqDtQJujDC0'
[Fri May 17 02:43:21 PM UTC 2024] POST
[Fri May 17 02:43:21 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
 
[Fri May 17 02:43:21 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:21 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:21 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:21 PM UTC 2024] _ret='0'
[Fri May 17 02:43:21 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:21 GMT
content-type: application/json
content-length: 187
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA
replay-nonce: YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:21 PM UTC 2024] code='200'
[Fri May 17 02:43:21 PM UTC 2024] original='{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
  "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
}'
[Fri May 17 02:43:21 PM UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}'
[Fri May 17 02:43:21 PM UTC 2024] trigger validation code: 200
[Fri May 17 02:43:21 PM UTC 2024] Lets check the status of the authz
[Fri May 17 02:43:21 PM UTC 2024] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}'
[Fri May 17 02:43:21 PM UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}'
[Fri May 17 02:43:21 PM UTC 2024] status='pending'
[Fri May 17 02:43:21 PM UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Fri May 17 02:43:21 PM UTC 2024] sleep 2 secs to verify again
[Fri May 17 02:43:24 PM UTC 2024] checking
[Fri May 17 02:43:24 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:24 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:24 PM UTC 2024] payload
[Fri May 17 02:43:24 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:24 PM UTC 2024] Use _CACHED_NONCE='YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io'
[Fri May 17 02:43:24 PM UTC 2024] nonce='YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io'
[Fri May 17 02:43:24 PM UTC 2024] POST
 
[Fri May 17 02:43:24 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:24 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:24 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:24 PM UTC 2024] _ret='0'
[Fri May 17 02:43:24 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:24 GMT
content-type: application/json
content-length: 1035
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:24 PM UTC 2024] code='200'
[Fri May 17 02:43:24 PM UTC 2024] original='{
  "identifier": {
    "type": "dns",
    "value": "mail.clonimi.com"
  },
  "status": "invalid",
  "expires": "2024-05-24T00:07:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U",
      "validationRecord": [
        {
          "url": "http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U",
          "hostname": "mail.clonimi.com",
          "port": "80",
          "addressesResolved": [
            "162.254.32.239"
          ],
          "addressUsed": "162.254.32.239"
        }
      ],
      "validated": "2024-05-17T14:43:21Z"
    }
  ]
}'
[Fri May 17 02:43:24 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] original='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] status='invalid
invalid'
[Fri May 17 02:43:24 PM UTC 2024] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403'
[Fri May 17 02:43:24 PM UTC 2024] errordetail='162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404'
[Fri May 17 02:43:24 PM UTC 2024] Invalid status, mail.clonimi.com:Verify error detail:162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404
[Fri May 17 02:43:24 PM UTC 2024] pid
[Fri May 17 02:43:24 PM UTC 2024] No need to restore nginx, skip.
[Fri May 17 02:43:24 PM UTC 2024] _clearupdns
[Fri May 17 02:43:24 PM UTC 2024] dns_entries
[Fri May 17 02:43:24 PM UTC 2024] skip dns.
[Fri May 17 02:43:24 PM UTC 2024] _on_issue_err
[Fri May 17 02:43:24 PM UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Fri May 17 02:43:24 PM UTC 2024] _chk_vlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457,'
[Fri May 17 02:43:24 PM UTC 2024] start to deactivate authz
[Fri May 17 02:43:24 PM UTC 2024] Trigger domain validation.
[Fri May 17 02:43:24 PM UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] _t_key_authz='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:24 PM UTC 2024] _t_vtype
[Fri May 17 02:43:24 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:24 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] payload='{}'
[Fri May 17 02:43:24 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:24 PM UTC 2024] Use _CACHED_NONCE='YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw'
[Fri May 17 02:43:24 PM UTC 2024] nonce='YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw'
[Fri May 17 02:43:24 PM UTC 2024] POST
[Fri May 17 02:43:24 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:24 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:24 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:25 PM UTC 2024] _ret='0'
[Fri May 17 02:43:25 PM UTC 2024] responseHeaders='HTTP/2 400 
server: nginx
date: Fri, 17 May 2024 14:43:25 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: Tt2XD3cEVFxFWw1gKEb_bHZLPAb7tnHQPrpySmnnNZpuiunU0c4

'
...
  "detail": "Unable to update challenge :: authorization must be pending",
...
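
Added example, not part of the original thread: a Python helper that reads an ACME authorization object like the one in the acme.sh log above and reports, for each failed http-01 challenge, the address the CA contacted, the HTTP status it received, and the file the web server was expected to serve from the webroot given with -w. The function name, the cause labels, and the sample host, address and token are assumptions constructed for this example.

```python
import json
import os
import re
from urllib.parse import urlparse

# Constructed sample shaped like the authorization object in the acme.sh log.
# Host, address and token are placeholders, not values from the thread.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "mail.example.test"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "192.0.2.10: Invalid response from "
                      "http://mail.example.test/.well-known/acme-challenge/TOKEN123: 404",
            "status": 403,
        },
        "token": "TOKEN123",
        "validationRecord": [{
            "url": "http://mail.example.test/.well-known/acme-challenge/TOKEN123",
            "hostname": "mail.example.test",
            "port": "80",
            "addressesResolved": ["192.0.2.10"],
            "addressUsed": "192.0.2.10",
        }],
    }],
})


def triage_http01(authz_json, webroot, server_ips):
    """Summarise each failed http-01 challenge in an ACME authorization object.

    webroot    -- the directory passed to acme.sh with -w
    server_ips -- addresses that belong to the machine running acme.sh
    """
    authz = json.loads(authz_json)
    root = os.path.abspath(webroot)
    findings = []
    for challenge in authz.get("challenges", []):
        if challenge.get("type") != "http-01" or challenge.get("status") != "invalid":
            continue
        detail = challenge.get("error", {}).get("detail", "")
        # The detail string ends with the HTTP status the CA received.
        match = re.search(r":\s*(\d{3})\s*$", detail)
        fetched_status = int(match.group(1)) if match else None
        for record in challenge.get("validationRecord", []):
            url_path = urlparse(record["url"]).path
            # File the web server must serve for this URL if its document
            # root for the hostname really is the -w directory.
            candidate = os.path.normpath(os.path.join(root, url_path.lstrip("/")))
            inside = os.path.commonpath([root, candidate]) == root
            address = record.get("addressUsed")
            if address not in server_ips:
                # The CA reached a different machine: DNS or a proxy is in the way.
                cause = "dns"
            elif fetched_status == 404:
                # Right machine, but whatever answers on port 80 for this
                # hostname does not serve files from the -w directory.
                cause = "webroot"
            else:
                cause = "other"
            findings.append({
                "hostname": record.get("hostname"),
                "address_used": address,
                "fetched_status": fetched_status,
                "expected_file": candidate if inside else None,
                "cause": cause,
            })
    return findings


if __name__ == "__main__":
    for finding in triage_http01(SAMPLE_AUTHZ,
                                 "/home/example.test/mail.example.test",
                                 {"192.0.2.10"}):
        print(finding)
```

A "webroot" result means the next thing to compare is the document root the web server has configured for that hostname against the directory given to -w; a "dns" result means the hostname's A record should be checked first.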

Rana Muhammad Usman Nasir #5

Why is it showing the server as nginx? Is this domain pointing to your server?

Alex #6

Yes, it’s my VPS and I’m the sys admin.
It’s the same server for all my domains, and all mail-servers are working fine (CyPanel), except for this one.

shoaibkk #8

Run these two commands and let me know:
postmap -F hash:/etc/postfix/vmail_ssl.map
systemctl restart postfix

Alex #9

Hi Shoaib , @usmannasir

I ran the commands (I did already from your last post)
Nothing new, no errors, but when I run //email/testTo: I get the same SSL error, attached. I tried deleting the mailbox and creating it again. Same error.
Thanks
