My mail SSL is still self-signed

Hello, my mail ssl is permanently self-signed. I tried this, but it was already set-up. I requested SSL for both mail.tenerhack.men and tenerhack.men. The ssl on the classic site works fine. I can even send e-mails, but not login to Thunderbird.
I tried looking at this https://community.cyberpanel.net/t/achieve-10-10-email-score-with-cyberpanel/30653, but again, no luck.
My DNS are all setup.
The domain is tenerhack.men and the mail subdomain is mail (mail.)

Thank you,
Filip

edit: seems as the issuing fails

[12.13.2021_10-33-22] Trying to obtain SSL for: mail.tenerhack.men and: www.mail.tenerhack.men
[12.13.2021_10-33-22] /root/.acme.sh/acme.sh --issue -d mail.tenerhack.men -d www.mail.tenerhack.men --cert-file /etc/letsencrypt/live/mail.tenerhack.men/cert.pem --key-file /etc/letsencrypt/live/mail.tenerhack.men/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.tenerhack.men/fullchain.pem -w /home/mail.tenerhack.men/public_html -k ec-256 --force --server letsencrypt
[12.13.2021_10-33-31] Failed to obtain SSL for: mail.tenerhack.men and: www.mail.tenerhack.men
[12.13.2021_10-33-31] Trying to obtain SSL for: mail.tenerhack.men
[12.13.2021_10-33-33] Failed to obtain SSL, issuing self-signed SSL for: mail.tenerhack.men
[12.13.2021_10-33-33] {'email@mail.tenerhack.men': (554, b'5.7.1 <email@mail.tenerhack.men>: Relay access denied')}
[12.13.2021_10-33-34] Websites matching query does not exist. [installSSLForDomain:72]
[12.13.2021_10-33-34] Self signed SSL issued for mail.tenerhack.men.

this seems to be the error when debugging

Could not get nonce, let's try again.

_authorizations_map=',<html><head><title>504 Gateway Time-out</title></head><body><center><h1>504 Gateway Time-out</h1></center><hr><center>nginx</center></body></html>
mail.tenerhack.men,{"identifier":{"type":"dns","value":"mail.tenerhack.men"},"status":"pending","expires":"2022-01-12T12:05:00Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/3WIEW4hc9SYCGdbLDEtv-g","status":"pending","token":"wDldvV91UsvlEhsDwd2t6_p2ww-3qzbiy31FlgFLW5o"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/Uh9la-1WhG7vEFuJdNPPXw","status":"pending","token":"596KhN073ffD6zrSdAwm-js-1E5rXG24uR0ExrVRHOM"}]}

You need to update your cyberpanel as your installation is trying for zeroSSL which was removed from cyberpanel and reverted to Letsencrypt as SSL issuer. Please upgrade your cyberpanel using this : 02 - Upgrading CyberPanel

After upgrading, try to issue SSL again.

OK, thank you! It solved the issue and I was able to issue a SSL for mail.tenerhack.men. Now I have problems with www.mail.tenerhack.men (not sure if I need SSL on this one), but the error is “404, redirect loop detected”. I have a CNAME on that domain, aliasing to mail.tenerhack.men as shown on DNS Checker - DNS Propagation Check & DNS Lookup

[Tue 14 Dec 2021 06:04:10 AM UTC] www.mail.tenerhack.men:Verify error:Fetching 404.html: Redirect loop detected
[Tue 14 Dec 2021 06:04:10 AM UTC] Debug: get token url.
[Tue 14 Dec 2021 06:04:10 AM UTC] Retrying GET
[Tue 14 Dec 2021 06:04:10 AM UTC] GET
[Tue 14 Dec 2021 06:04:10 AM UTC] url='http://www.mail.tenerhack.men/.well-known/acme-challenge/IjZkT-......
....
....
[Tue 14 Dec 2021 06:04:27 AM UTC] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 47
[Tue 14 Dec 2021 06:04:27 AM UTC] ret='47'
[Tue 14 Dec 2021 06:04:27 AM UTC] _hcode='47'
[Tue 14 Dec 2021 06:04:29 AM UTC] Debugging, skip removing: /home/mail.tenerhack.men/public_html/.well-known/acme-challenge/IjZk

www.mail.domain.tld is not even required as www will be subdomain of subdomain. mail.domain is already a subdomain. You can ignore this.

Are you having troubles with mail?

Yes. I still cannot login into Thunderbird and getting the self-signed cert error on port 143, which is correctly set in my rainloop admin panel, the user is the long version and the password is 100% good.

I just noticed, that even after successfully having it issued, the SSL came back to being self-signed. I will wait for a few days and try to renew it.

Your mail domain doesnt have proper SSL. You can click on “Websites” on left menu options of cyberpanel and then select “list domains” options under it. Then you will see your mail.tenerhack.men domain there.
You will see an option “issue SSL” there. Just click on it and see if it issues SSL properly.

If not, check the logs and let me know here. I will have a look

having same issue help me please SSL not working for mail server outlook and thunderbird not working and get error sent item not save and SSL nots ecure