How do I (manually) generate SSL for mailserver? ** Pls Help

Support and Discussion
, ,
1

My email suddenly stop working as the SSL for mail.example.com expired.
I’ve seen this post [1] and I’ve renewed my SSL for mail.exaple.com in CyPanel, but although CyPanel says the certificate is valid, it is not [2] - I think this is an old bug that’s sill surviving today in CyPanel [3]

As below, LE issued the SSL Mailserver cert for example.com

Why CyPanel tries to link that SSL certificate to the non-existing email id [email protected]? The only email I’ve created is [email protected]

CyPanel MAIN LOG FILE

[05.12.2024_14-37-51] /root/.acme.sh/acme.sh --issue -d example.com -d www.example.com --cert-file /etc/letsencrypt/live/example.com/cert.pem --key-file /etc/letsencrypt/live/example.com/privkey.pem --fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[05.12.2024_14-37-56] Successfully obtained SSL for: example.com and: www.example.com
[05.12.2024_14-37-56] {'[email protected]': (550, b'5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table')}

How do I manually generate a LE certificate for [email protected] ?
Many thanks

[1] I can't generate SSL for mail server - #2 by josephgodwinke
[2] Peer Certificate expired !? - #5 by alex32
[3] [BUG] Mail SSL fails every 90day · Issue #1119 · usmannasir/cyberpanel · GitHub

SSL-cert-01_Page2
SSL-cert-01_Page21920×2716 225 KB

2

please show me mail doamin have ssl?

3

Yes, I’ve already posted the scr-shot in [2]
Here again:

SSL-cert-01_Page1
SSL-cert-01_Page11920×2716 111 KB

4

@shoaibkk , @usmannasir , @josephgodwinke Here are some more details, It looks the acme-challenge didn’t work.
How do I fix it?

/root/.acme.sh/acme.sh --issue -d mail.clonimi.com --cert-file /etc/letsencrypt/live/mail.clonimi.com/cert.pem --key-file /etc/letsencrypt/live/mail.clonimi.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.clonimi.com/fullchain.pem -w /home/clonimi.com/mail.clonimi.com -k ec-256 --force --server letsencrypt  --log

[Fri May 17 02:43:19 PM UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:19 PM UTC 2024] Single domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Getting webroot for domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Verifying: mail.clonimi.com
[Fri May 17 02:43:21 PM UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Fri May 17 02:43:24 PM UTC 2024] Invalid status, mail.clonimi.com:Verify error detail:162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404
[Fri May 17 02:43:24 PM UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log

acme.sh.log

[Fri May 17 02:43:18 PM UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
[Fri May 17 02:43:18 PM UTC 2024] Running cmd: issue
[Fri May 17 02:43:18 PM UTC 2024] _main_domain='mail.clonimi.com'
[Fri May 17 02:43:18 PM UTC 2024] _alt_domains='no'
[Fri May 17 02:43:18 PM UTC 2024] Using config home:/root/.acme.sh
[Fri May 17 02:43:18 PM UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 17 02:43:18 PM UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri May 17 02:43:18 PM UTC 2024] _ACME_SERVER_PATH='directory'
[Fri May 17 02:43:18 PM UTC 2024] DOMAIN_PATH='/root/.acme.sh/mail.clonimi.com_ecc'
[Fri May 17 02:43:18 PM UTC 2024] '/home/clonimi.com/mail.clonimi.com' does not contain 'dns'
[Fri May 17 02:43:18 PM UTC 2024] Le_NextRenewTime='1711670896'
[Fri May 17 02:43:18 PM UTC 2024] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:18 PM UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:18 PM UTC 2024] GET
[Fri May 17 02:43:18 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 17 02:43:18 PM UTC 2024] timeout=
[Fri May 17 02:43:18 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:18 PM UTC 2024] ret='0'
[Fri May 17 02:43:18 PM UTC 2024] response='{
  "KrvW24m5Bow": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri May 17 02:43:18 PM UTC 2024] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_AUTHZ
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri May 17 02:43:18 PM UTC 2024] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri May 17 02:43:18 PM UTC 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'
[Fri May 17 02:43:18 PM UTC 2024] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 17 02:43:19 PM UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:19 PM UTC 2024] _on_before_issue
[Fri May 17 02:43:19 PM UTC 2024] _chk_main_domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _chk_alt_domains
[Fri May 17 02:43:19 PM UTC 2024] '/home/clonimi.com/mail.clonimi.com' does not contain 'no'
[Fri May 17 02:43:19 PM UTC 2024] Le_LocalAddress
[Fri May 17 02:43:19 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] Check for domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _currentRoot='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] d
[Fri May 17 02:43:19 PM UTC 2024] '/home/clonimi.com/mail.clonimi.com' does not contain 'apache'
[Fri May 17 02:43:19 PM UTC 2024] _saved_account_key_hash='/HEb0OyWpQ1QRs94zHwynO3fqHwKuWBI+M2XemIef5I='
[Fri May 17 02:43:19 PM UTC 2024] _saved_account_key_hash is not changed, skip register account.
[Fri May 17 02:43:19 PM UTC 2024] Read key length:ec-256
[Fri May 17 02:43:19 PM UTC 2024] _createcsr
[Fri May 17 02:43:19 PM UTC 2024] domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] domainlist
[Fri May 17 02:43:19 PM UTC 2024] csrkey='/root/.acme.sh/mail.clonimi.com_ecc/mail.clonimi.com.key'
[Fri May 17 02:43:19 PM UTC 2024] csr='/root/.acme.sh/mail.clonimi.com_ecc/mail.clonimi.com.csr'
[Fri May 17 02:43:19 PM UTC 2024] csrconf='/root/.acme.sh/mail.clonimi.com_ecc/mail.clonimi.com.csr.conf'
[Fri May 17 02:43:19 PM UTC 2024] Single domain='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] seg='mail'
[Fri May 17 02:43:19 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _idn_temp
[Fri May 17 02:43:19 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _idn_temp
[Fri May 17 02:43:19 PM UTC 2024] _csr_cn='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] seg='mail'
[Fri May 17 02:43:19 PM UTC 2024] Getting domain auth token for each domain
[Fri May 17 02:43:19 PM UTC 2024] seg='mail'
[Fri May 17 02:43:19 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:19 PM UTC 2024] _idn_temp
[Fri May 17 02:43:19 PM UTC 2024] d
[Fri May 17 02:43:19 PM UTC 2024] _identifiers='{"type":"dns","value":"mail.clonimi.com"}'
[Fri May 17 02:43:19 PM UTC 2024] _notBefore
[Fri May 17 02:43:19 PM UTC 2024] _notAfter
[Fri May 17 02:43:19 PM UTC 2024] STEP 1, Ordering a Certificate
[Fri May 17 02:43:19 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:19 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 17 02:43:19 PM UTC 2024] payload='{"identifiers": [{"type":"dns","value":"mail.clonimi.com"}]}'
[Fri May 17 02:43:19 PM UTC 2024] EC key
[Fri May 17 02:43:19 PM UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 17 02:43:19 PM UTC 2024] HEAD
[Fri May 17 02:43:19 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 17 02:43:19 PM UTC 2024] body
[Fri May 17 02:43:19 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:19 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Fri May 17 02:43:19 PM UTC 2024] _ret='0'
[Fri May 17 02:43:19 PM UTC 2024] _headers='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:19 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: q2KSHKoJWBIdEgfe5pFgYIwAOvbIlvQIqEs0xfA4PRzXA3wuw8c
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:19 PM UTC 2024] _CACHED_NONCE='q2KSHKoJWBIdEgfe5pFgYIwAOvbIlvQIqEs0xfA4PRzXA3wuw8c'
[Fri May 17 02:43:19 PM UTC 2024] nonce='q2KSHKoJWBIdEgfe5pFgYIwAOvbIlvQIqEs0xfA4PRzXA3wuw8c'
[Fri May 17 02:43:19 PM UTC 2024] POST
[Fri May 17 02:43:19 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 17 02:43:19 PM UTC 2024] body='{"protected": "eyJub25jZSI6ICJxMktTSEtvSldCSWRFZ2ZlNXBGZ1lJd0FPdmJJbHZRSXFFczB4ZkE0UFJ6WEEzd3V3OGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQzOTY0NjAxNiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im1haWwuY2xvbmltaS5jb20ifV19", "signature": "ZX0q7JqGRxJRaAdYdsUhDd03xANDGLraYKn27GMohAyLGVidGldyi1FmkivWeCzg_JK9ojU1-lAHsC25tBddaA"}'
[Fri May 17 02:43:19 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:19 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:19 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:20 PM UTC 2024] _ret='0'
[Fri May 17 02:43:20 PM UTC 2024] responseHeaders='HTTP/2 201 
server: nginx
date: Fri, 17 May 2024 14:43:20 GMT
content-type: application/json
content-length: 342
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/1439646016/270199995557
replay-nonce: q2KSHKoJ56YHgHHNm-R2C31RS-reBvL4b8REnC1uTYqf_KIhi-E
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:20 PM UTC 2024] code='201'
[Fri May 17 02:43:20 PM UTC 2024] original='{
  "status": "pending",
  "expires": "2024-05-24T00:07:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.clonimi.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1439646016/270199995557"
}'
[Fri May 17 02:43:20 PM UTC 2024] response='{"status":"pending","expires":"2024-05-24T00:07:05Z","identifiers":[{"type":"dns","value":"mail.clonimi.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1439646016/270199995557"}'
[Fri May 17 02:43:20 PM UTC 2024] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1439646016/270199995557'
[Fri May 17 02:43:20 PM UTC 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1439646016/270199995557'
[Fri May 17 02:43:20 PM UTC 2024] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] STEP 2, Get the authorizations of each domain
[Fri May 17 02:43:20 PM UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:20 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] payload
[Fri May 17 02:43:20 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:20 PM UTC 2024] Use _CACHED_NONCE='q2KSHKoJ56YHgHHNm-R2C31RS-reBvL4b8REnC1uTYqf_KIhi-E'
[Fri May 17 02:43:20 PM UTC 2024] nonce='q2KSHKoJ56YHgHHNm-R2C31RS-reBvL4b8REnC1uTYqf_KIhi-E'
[Fri May 17 02:43:20 PM UTC 2024] POST
[Fri May 17 02:43:20 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] body='{"protected": "eyJub25jZSI6ICJxMktTSEtvSjU2WUhnSEhObS1SMkMzMVJTLXJlQnZMNGI4UkVuQzF1VFlxZl9LSWhpLUUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM1MTY2NzA1MDQ1NyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQzOTY0NjAxNiJ9", "payload": "", "signature": "A-lVsIxArxMR2K_TZwqEmIhUV1rvyBMNbYvOKI64U-z8xLtwkjqY2NCFccaWoGcmMz8NrAat9cqZzRr5mxIADw"}'
[Fri May 17 02:43:20 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:20 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:20 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:20 PM UTC 2024] _ret='0'
[Fri May 17 02:43:20 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:20 GMT
content-type: application/json
content-length: 800
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: q2KSHKoJQ-QsSYGx8Wmhr39F79qN5hfiYQjKtzk-cqDtQJujDC0
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:20 PM UTC 2024] code='200'
[Fri May 17 02:43:20 PM UTC 2024] original='{
  "identifier": {
    "type": "dns",
    "value": "mail.clonimi.com"
  },
  "status": "pending",
  "expires": "2024-05-24T00:07:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
    }
  ]
}'
[Fri May 17 02:43:20 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}'
[Fri May 17 02:43:20 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}'
[Fri May 17 02:43:20 PM UTC 2024] _d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _authorizations_map='mail.clonimi.com,{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457
'
[Fri May 17 02:43:20 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Getting webroot for domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _w='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _currentRoot='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _is_idn_d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] _idn_temp
[Fri May 17 02:43:20 PM UTC 2024] _candidates='mail.clonimi.com,{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"pending","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/RyJNyw","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/CgB5KQ","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"'
[Fri May 17 02:43:20 PM UTC 2024] token='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U'
[Fri May 17 02:43:20 PM UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] keyauthorization='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:20 PM UTC 2024] dvlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] d
[Fri May 17 02:43:20 PM UTC 2024] vlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457,'
[Fri May 17 02:43:20 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] ok, let's start to verify
[Fri May 17 02:43:20 PM UTC 2024] Verifying: mail.clonimi.com
[Fri May 17 02:43:20 PM UTC 2024] d='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] keyauthorization='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:20 PM UTC 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:20 PM UTC 2024] _currentRoot='/home/clonimi.com/mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] wellknown_path='/home/clonimi.com/mail.clonimi.com/.well-known/acme-challenge'
[Fri May 17 02:43:20 PM UTC 2024] writing token:h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U to /home/clonimi.com/mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U
[Fri May 17 02:43:20 PM UTC 2024] Trigger domain validation.
[Fri May 17 02:43:20 PM UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] _t_key_authz='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:20 PM UTC 2024] _t_vtype='http-01'
[Fri May 17 02:43:20 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:20 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:20 PM UTC 2024] payload='{}'
[Fri May 17 02:43:20 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:20 PM UTC 2024] Use _CACHED_NONCE='q2KSHKoJQ-QsSYGx8Wmhr39F79qN5hfiYQjKtzk-cqDtQJujDC0'
[Fri May 17 02:43:20 PM UTC 2024] nonce='q2KSHKoJQ-QsSYGx8Wmhr39F79qN5hfiYQjKtzk-cqDtQJujDC0'
[Fri May 17 02:43:21 PM UTC 2024] POST
[Fri May 17 02:43:21 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
 
[Fri May 17 02:43:21 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:21 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:21 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:21 PM UTC 2024] _ret='0'
[Fri May 17 02:43:21 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:21 GMT
content-type: application/json
content-length: 187
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA
replay-nonce: YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:21 PM UTC 2024] code='200'
[Fri May 17 02:43:21 PM UTC 2024] original='{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
  "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"
}'
[Fri May 17 02:43:21 PM UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}'
[Fri May 17 02:43:21 PM UTC 2024] trigger validation code: 200
[Fri May 17 02:43:21 PM UTC 2024] Lets check the status of the authz
[Fri May 17 02:43:21 PM UTC 2024] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}'
[Fri May 17 02:43:21 PM UTC 2024] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U"}'
[Fri May 17 02:43:21 PM UTC 2024] status='pending'
[Fri May 17 02:43:21 PM UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Fri May 17 02:43:21 PM UTC 2024] sleep 2 secs to verify again
[Fri May 17 02:43:24 PM UTC 2024] checking
[Fri May 17 02:43:24 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:24 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:24 PM UTC 2024] payload
[Fri May 17 02:43:24 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:24 PM UTC 2024] Use _CACHED_NONCE='YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io'
[Fri May 17 02:43:24 PM UTC 2024] nonce='YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io'
[Fri May 17 02:43:24 PM UTC 2024] POST
 
[Fri May 17 02:43:24 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:24 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:24 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:24 PM UTC 2024] _ret='0'
[Fri May 17 02:43:24 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:24 GMT
content-type: application/json
content-length: 1035
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:24 PM UTC 2024] code='200'
[Fri May 17 02:43:24 PM UTC 2024] original='{
  "identifier": {
    "type": "dns",
    "value": "mail.clonimi.com"
  },
  "status": "invalid",
  "expires": "2024-05-24T00:07:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U",
      "validationRecord": [
        {
          "url": "http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U",
          "hostname": "mail.clonimi.com",
          "port": "80",
          "addressesResolved": [
            "162.254.32.239"
          ],
          "addressUsed": "162.254.32.239"
        }
      ],
      "validated": "2024-05-17T14:43:21Z"
    }
  ]
}'
[Fri May 17 02:43:24 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] original='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] status='invalid
invalid'
[Fri May 17 02:43:24 PM UTC 2024] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403'
[Fri May 17 02:43:24 PM UTC 2024] errordetail='162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404'
[Fri May 17 02:43:24 PM UTC 2024] Invalid status, mail.clonimi.com:Verify error detail:162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404
[Fri May 17 02:43:24 PM UTC 2024] pid
[Fri May 17 02:43:24 PM UTC 2024] No need to restore nginx, skip.
[Fri May 17 02:43:24 PM UTC 2024] _clearupdns
[Fri May 17 02:43:24 PM UTC 2024] dns_entries
[Fri May 17 02:43:24 PM UTC 2024] skip dns.
[Fri May 17 02:43:24 PM UTC 2024] _on_issue_err
[Fri May 17 02:43:24 PM UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Fri May 17 02:43:24 PM UTC 2024] _chk_vlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457,'
[Fri May 17 02:43:24 PM UTC 2024] start to deactivate authz
[Fri May 17 02:43:24 PM UTC 2024] Trigger domain validation.
[Fri May 17 02:43:24 PM UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] _t_key_authz='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:24 PM UTC 2024] _t_vtype
[Fri May 17 02:43:24 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:24 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] payload='{}'
[Fri May 17 02:43:24 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:24 PM UTC 2024] Use _CACHED_NONCE='YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw'
[Fri May 17 02:43:24 PM UTC 2024] nonce='YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw'
[Fri May 17 02:43:24 PM UTC 2024] POST
[Fri May 17 02:43:24 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:24 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:24 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:25 PM UTC 2024] _ret='0'
[Fri May 17 02:43:25 PM UTC 2024] responseHeaders='HTTP/2 400 
server: nginx
date: Fri, 17 May 2024 14:43:25 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: Tt2XD3cEVFxFWw1gKEb_bHZLPAb7tnHQPrpySmnnNZpuiunU0c4

'
...
  "detail": "Unable to update challenge :: authorization must be pending",
...
5

Why it is showing server as nginx? is this domain ponting to your server?

6

Yes, it’s my VPS and I’m the sys admin
It’s the same server for all my domains, and all mail-servers are working fine (CyPanel), except for this one.

7

@usmannasir anyone?

8

run these two commands and let me know
postmap -F hash:/etc/postfix/vmail_ssl.map
systemctl restart postfix

9

Hi Shoaib , @usmannasir

I ran the commands (I did already from your last post)
Nothing new, no errors, but when I run //email/testTo: I get the same SSL error, attached. I tried deleting the mailbox and creating it again. Same error.
Thanks

ss_2305_122855
ss_2305_1228551168×185 23 KB