Unfortunately, it only defaults to my server’s main mail server’s SSL (mail.maindomain.com) and I would like it to switch to the appropriate one so the SSL certificate match-up test passes. What is considered best practice to do this with CyberPanel?
I see that CyberPanel currently has Postfix configured with smtpd_tls_cert_file and smtpd_tls_key_file. Per the documentation, however, with Postfix 3.4 and later, using the smtpd_tls_chain_files parameter is now the official preferred way:
I got it working! @CyberPanel, let me know if you need help implementing this in the next release. It’s quite simple. Just follow what the user suggests here and it works perfectly:
Step 3: Run postmap -F hash:/etc/postfix/vmail_ssl.map.
Step 4: Run systemctl restart postfix.
Step 5: Now test your domains’ SSLs! For each of your domains, run the following command: openssl s_client -connect localhost:25 -servername mail.mydomainname.com -starttls smtp
Actually, everything’s working and nothing’s the matter. If you are on any version of CyberPanel prior to 1.9.4, the mail domains are not created by default so you will need to create subdomains for them in CyberPanel and get SSLs/Let’s Encrypt for each of them. Only new apex/root domains created after installing CyberPanel 1.9.4 will automatically add the .mall subdomain and get the .mail SSL certificate for you. Hope that helps!
As you suggested created mail.xx subdomain with SSL.
Then followed by the end and all worked fine with the code you provided as well SSL handshake made without any issues.
Then I tried to add it to outlook. Unfortunatelly mail.xxx couldnt create an SSL connection. The certificate still shows as original mail server primary domain.
Can you try to connect via outlook etc with ssl and let me know if it works ?
You need to renew your mail server SSL certificate because either (a) you made too many renewal requests and therefore you are locked out and will have to wait a couple days before being able or (b) it is outdated.