I have ran into quite a difficult problem to solve as I have been trying over and over to solve it but with no success yet. I am hoping that one person more intelligent than me can do something about it.
the problem is the SSL issued for mailserver which tend to always be a self signed certificate. However the problem seems more complex since I tried some command with putty.
I have set up DNS on Cloudflare for mail.mydomain.com pointing toward the right IP address and proxy greyed out as (A record).
another 2 MX records with mydomain.com as name and points toward mail.mydomain.com on content with 2 priority value different.
-SSL for hostname / domain name works perfectly fine and issue SSL from let’s encrypt.
The situation at the beginning :
-Any mailserver SSL issued turned to a self signed SSL and this is the log I had :
Here is what I have tried that did some change to the system :
-run the command cyberpanel upgrade with : wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh
-run this command to issue SSL from prompt : /root/.acme.sh/acme.sh --issue -d mail.mydomain.com -d mail.mydomain.com --cert-file /etc/letsencrypt/live/mail.mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mail.mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem -w /home/mail.mydomain.com/public_html --force --server letsencrypt
What the result has changed :
-with the second command, I have witnessed that going into cyberpanel => websites => list of websites => mail.mydomain.com the green box changed from " self signed SSL " to " let’s encrypt SSL ". However, when going on the website mail.mydomain.com, the SSL certificate seems not working and website still reads message of unsafety. Did this command issue SSL to a domain name and not a mailserver ?
I have then tried issueing mailserver SSL from cyberpanel SSL => mailserver SSL , and this is the log I have :
still a self signed SSL for mailserver… So I don’t know what to do… I am okay to share DNS or other information with moderators if that helps to solve the problems. Please help if you know where the problem can come from.
may I know more in detail what you have done so I can follow your path and see if it works for me too ? When you said you reinstalled the panel, do you mean you went through a complete blank VPN and reinstall cyberpanel ?
Thank you very much for your answer and implication.
yes i went trough a complete blank vps and it worked for me but when i try to reinstall it on a clean vps yesterday it didnt work so there was maybe an update that fixed it
Got it, let me try that and I will tell you how it goes for me. If it works I ll use your answer and mark it as solution to help others having similar problems.
Alright after a first try out, I have wen through a complete re-installation of unbuntu 20.04 on a clean server. Upgraded, updated command then cyberpanel installation and… There must have been something wrong happening.
First, now, no SSL is working, all issued are self signed SSL even for domain names.
Second, and this to me is the weird part, I can still access my cyberpanel on a subdomain that I have set up on my previous installation before the re installation. I thought that reinstalling it would have erased my previous URL set up for main cyberpanel page but… looks like no.
To me, I feel like there are still some files that have been left somewhere.
May I ask if re-intalling in contabo comes from a completely clean server or do they still have some files left ?
yes for the DNS part it is quite logical. Dang, I don’t know exactly whats happens and results seem inconsistent it is hard to find what is wrong. I will try re-installing as you suggested in case it changes anything, but so far I had no success. It is also weird that previously with the exact same DNS set up, SSL issued were let’s encrypt ones and now it is self signed… It is giving headaches. May I ask you maybe what were your commends you used for installing cyberpanel ? Maybe there is something I havn’t done there ? Also if you are willing to share by blaking out sensitive data, I would be happy to see DNS setting to see where I am wrong.
I have decided to change one variable which was to put mautic on mautic.mydomain.com and mailserver is still mail.mydomain.com and was created whenever mydomain.com was built by ticking create mail domain.
I have then tried issuing SSL to my mailserver and still get a self signed one, however, this time I have the error in the logs saying :
[08.26.2022_08-53-07] /root/.acme.sh/acme.sh --issue -d mail.mydomain.com -d www.mail.mydomain.com --cert-file /etc/letsencrypt/live/mail.mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mail.mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.26.2022_08-53-16] Successfully obtained SSL for: mail.mydomain.com and: www.mail.mydomain.com
[08.26.2022_08-53-16] Websites matching query does not exist. [installSSLForDomain:72]
and when checked on mail I still have the same emailserver with a fail TSL certificate.
I still havn’t tried the command from Cibi and will try them right now and see if it works any better.
.