Email SSL

DanielCollins · December 15, 2022, 6:41am

Hello,

Just wanted to see a couple of things regarding email SSL, had an issue with outlook and expired cert, went to list email within cyberpanel GUI and pressed the fix button that popped up and said there was an issue and everything started working.
Where are the encryption certs located for the mail server, on the sub domain eg.mail.mydomain.com.au or the mail domain or elsehere as they where both still valid, mail.domain renewed same day as expired one outlook picked up as expired.

also if you go to issue ssl for mail server are you ment to issue for mail.mydomain.com.au or mydomain.com.au if it doesnt renew.

this is only really for referance in the future ill see if it all plays up in 90 days when the certs expire again.

Thank you again for your advise

shoaibkk · December 15, 2022, 8:20am

mail server ssl for any domain mapped to the mail domain of that domain like if you have abc.com domain its mail server SSL will me mail.abc.com

DanielCollins · December 15, 2022, 8:24am

@shoaibkk

yes but are the ssl certs located for the mail server under that sub domain or because they are for a mail server they are stored elsewhere.

eg store.mydomain.com ssl certs are stored /etc/letsencrypt/live/store.mydomain.com

are the ssl for the mail server stored /etc/letsencrypt/live/mail.mydomain.com

or are they stored in another location

josephgodwinke · December 16, 2022, 5:52am

Hello @DanielCollins Happy you are here

Yes they are stored in that location

To issue ssl for mailserver choose your mailserver domain. In popular circumstances the mailserver domain is mail.mydomain.com

Say you have domain.com
domain.com certs are here /etc/letsencrypt/live/domain.com
mail.domain.com certs are here /etc/letsencrypt/live/mail.domain.com
subdomain.domain.com certs are here /etc/letsencrypt/live/subdomain.domain.com

DanielCollins · December 16, 2022, 6:42am

@josephgodwinke

Thank you that clears a few things up. I’ll wait 90 days and see if they renew this time

Exou · February 16, 2023, 2:27pm

I had problem that my ssl expired, cyberpanel issued new certificate for website, but for some reason my mail.example.com didn’t. I tried this command: postmap -F hash:/etc/postfix/vmail_ssl.map and that fixed my problem for now, but I think that problem re appears after sertificate expires again.

DanielCollins · April 3, 2023, 2:17am

@josephgodwinke

Had the same issue again when the cert expired and it was only fixed with the command. command: postmap -F hash:/etc/postfix/vmail_ssl.map and that fixed my problem. Why do I have to do this every 3 months the cert auto renews no issues. Any ideas would be great.

josephgodwinke · April 3, 2023, 3:38am

Seems to be a bug somewhere

The TLS encryption protocol’s SNI that allows a client to perform a TLS handshake needs its table rebuilt every time SSL certificate is renewed. This is a good solution by Postmap as it solves the so common issue on ThunderBird and Outlook “common name mismatch error”

DanielCollins · April 3, 2023, 11:28am

Is there a way I can get it to do the command automacatlly when every the cert is renewed. Or what do I do with the bug, I had a website where a forgot my password link was failing because of the miss match cert date wasn’t updating.

josephgodwinke · April 3, 2023, 11:30am

Which server os is this? Are you runnn the latest update ?

DanielCollins · April 3, 2023, 11:45am

It’s running on ubuntu LTS v20, and cuberpanel is running latest update just released.

I get i can probably schedule a cron job to run every day or something but maybe there is a proper fix. Do you know if anyone is having this issue.

josephgodwinke · April 3, 2023, 11:53am

Honestly I have only seen this with some other panel. Not this one