Mailserver SSL not working

Hello everyone,

I have ran into quite a difficult problem to solve as I have been trying over and over to solve it but with no success yet. I am hoping that one person more intelligent than me can do something about it.

the problem is the SSL issued for mailserver which tend to always be a self signed certificate. However the problem seems more complex since I tried some command with putty.

Here is what I know and set up :

  • I have installed on mail.mydomain.com mautic
  • my mail server is also called the same " mail.mydomain.com "
  • I have set up DNS on Cloudflare for mail.mydomain.com pointing toward the right IP address and proxy greyed out as (A record).
  • another 2 MX records with mydomain.com as name and points toward mail.mydomain.com on content with 2 priority value different.
    -SSL for hostname / domain name works perfectly fine and issue SSL from let’s encrypt.

The situation at the beginning :
-Any mailserver SSL issued turned to a self signed SSL and this is the log I had :

Here is what I have tried that did some change to the system :
-run the command cyberpanel upgrade with : wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh
-run this command to issue SSL from prompt : /root/.acme.sh/acme.sh --issue -d mail.mydomain.com -d mail.mydomain.com --cert-file /etc/letsencrypt/live/mail.mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mail.mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem -w /home/mail.mydomain.com/public_html --force --server letsencrypt

What the result has changed :
-with the second command, I have witnessed that going into cyberpanel => websites => list of websites => mail.mydomain.com the green box changed from " self signed SSL " to " let’s encrypt SSL ". However, when going on the website mail.mydomain.com, the SSL certificate seems not working and website still reads message of unsafety. Did this command issue SSL to a domain name and not a mailserver ?

I have then tried issueing mailserver SSL from cyberpanel SSL => mailserver SSL , and this is the log I have :

Now the log doesn’t show self signed SSL issueing so I ran into tls check and made an assessment, here is the result :


still a self signed SSL for mailserver… So I don’t know what to do… I am okay to share DNS or other information with moderators if that helps to solve the problems. Please help if you know where the problem can come from.

have the same problem!

i reinstalled the panel and it worked

Hello buddy,

may I know more in detail what you have done so I can follow your path and see if it works for me too ? When you said you reinstalled the panel, do you mean you went through a complete blank VPN and reinstall cyberpanel ?

Thank you very much for your answer and implication.

yes i went trough a complete blank vps and it worked for me but when i try to reinstall it on a clean vps yesterday it didnt work so there was maybe an update that fixed it

Got it, let me try that and I will tell you how it goes for me. If it works I ll use your answer and mark it as solution to help others having similar problems.

Alright after a first try out, I have wen through a complete re-installation of unbuntu 20.04 on a clean server. Upgraded, updated command then cyberpanel installation and… There must have been something wrong happening.

First, now, no SSL is working, all issued are self signed SSL even for domain names.

Second, and this to me is the weird part, I can still access my cyberpanel on a subdomain that I have set up on my previous installation before the re installation. I thought that reinstalling it would have erased my previous URL set up for main cyberpanel page but… looks like no.

To me, I feel like there are still some files that have been left somewhere.

May I ask if re-intalling in contabo comes from a completely clean server or do they still have some files left ?

oh lol i use contabo too! i think its fully clean install coz it takes a while

the url part is easier to explain, because maybe there is still a dns record pointing to the panel

i just tink its weird overall because who wants self signed certs?

yes for the DNS part it is quite logical. Dang, I don’t know exactly whats happens and results seem inconsistent it is hard to find what is wrong. I will try re-installing as you suggested in case it changes anything, but so far I had no success. It is also weird that previously with the exact same DNS set up, SSL issued were let’s encrypt ones and now it is self signed… It is giving headaches. May I ask you maybe what were your commends you used for installing cyberpanel ? Maybe there is something I havn’t done there ? Also if you are willing to share by blaking out sensitive data, I would be happy to see DNS setting to see where I am wrong.

i said yes to everything except the external mysql thing

try the commands:
postmap -F hash:/etc/postfix/vmail_ssl.map
systemctl restart dovecot && systemctl restart postfix

Hello Cibi, nice to meet you,

Alright after full clean installation,

I have decided to change one variable which was to put mautic on mautic.mydomain.com and mailserver is still mail.mydomain.com and was created whenever mydomain.com was built by ticking create mail domain.

I have then tried issuing SSL to my mailserver and still get a self signed one, however, this time I have the error in the logs saying :
[08.26.2022_08-53-07] /root/.acme.sh/acme.sh --issue -d mail.mydomain.com -d www.mail.mydomain.com --cert-file /etc/letsencrypt/live/mail.mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mail.mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.26.2022_08-53-16] Successfully obtained SSL for: mail.mydomain.com and: www.mail.mydomain.com
[08.26.2022_08-53-16] Websites matching query does not exist. [installSSLForDomain:72]

and when checked on mail I still have the same emailserver with a fail TSL certificate.

I still havn’t tried the command from Cibi and will try them right now and see if it works any better.

OMG, CIBI I LOVE YOU. It worked :flushed:

Thank you so much buddies thank to you I ll be able to advance oh my god I was so desperate after all these tries.

I will mark Cibi’answer as solution as it worked for me and hope it will help other people in a similar situation.

Farewell dear friends, see you around the forum :hugs:.

1 Like

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.