SMTP SSL is Self Signed

Hi, I’m a little new to cyberpanel. I created an email for my organization and it was a fairly simple process. We enter the mail.domain info and everything on the IMAP side works fine with SSL, we aren’t having any issues with it. With SMTP, using mail.domain.com SSL/TLS on port 465 is seems we are getting a self signed cert issue which I’m not sure why we’re getting it. I decided to update my cyberpanel server, and reissue a Mailserver SSL for mail.domain.com but still getting the self signed cert error.

Here is a paste of my log(replaced my real domain name with generic “domain”):

[12.13.2021_17-14-37] Expecting value: line 1 column 1 (char 0)
[12.14.2021_00-00-03] [Errno 2] No such file or directory: ‘/home/cyberpanel/git’. [IncScheduler.git:90]
[12.14.2021_02-00-02] Running SSL Renew Utility
[12.14.2021_02-00-02] Checking SSL for domain.com.
[12.14.2021_02-00-02] SSL exists for domain.com. Checking if SSL will expire in 15 days…
[12.14.2021_02-00-02] SSL exists for domain.com and is not ready to renew, skipping…
[12.14.2021_02-00-02] Checking SSL for webmail.domain.com.
[12.14.2021_02-00-02] SSL exists for webmail.domain.com. Checking if SSL will expire in 15 days…
[12.14.2021_02-00-02] SSL exists for webmail.domain.com and is not ready to renew, skipping…
[12.14.2021_02-00-02] Checking SSL for mail.domain.com.
[12.14.2021_02-00-02] SSL exists for mail.domain.com. Checking if SSL will expire in 15 days…
[12.14.2021_02-00-02] SSL exists for mail.domain.com and is not ready to renew, skipping…
[12.14.2021_02-00-02] Checking SSL for cp.domain.com.
[12.14.2021_02-00-02] SSL exists for cp.domain.com. Checking if SSL will expire in 15 days…
[12.14.2021_02-00-02] SSL exists for cp.domain.com and is not ready to renew, skipping…
[12.14.2021_19-23-02] Trying to obtain SSL for: domain.com and: www.domain.com
[12.14.2021_19-23-02] /root/.acme.sh/acme.sh --issue -d domain.com -d www.domain.com --cert-file /etc/letsencrypt/live/domain.com/cert.pem --key-file /etc/letsencrypt/live/domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/domain.com/fullchain.pem -w /home/domain.com/public_html -k ec-256 --force --server letsencrypt
[12.14.2021_19-24-44] Failed to obtain SSL for: domain.com and: www.domain.com
[12.14.2021_19-24-44] Trying to obtain SSL for: domain.com
[12.14.2021_19-26-26] Failed to obtain SSL, issuing self-signed SSL for: domain.com
[12.14.2021_19-26-26] {‘[email protected]’: (550, b’5.1.1 [email protected]: Recipient address rejected: User unknown in virtual mailbox table’)}
[12.14.2021_19-26-26] Self signed SSL issued for domain.com.
[12.14.2021_19-29-28] Trying to obtain SSL for: mail.domain.com and: www.mail.domain.com
[12.14.2021_19-29-28] /root/.acme.sh/acme.sh --issue -d mail.domain.com -d www.mail.domain.com --cert-file /etc/letsencrypt/live/mail.domain.com/cert.pem --key-file /etc/letsencrypt/live/mail.domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.domain.com/fullchain.pem -w /home/mail.domain.com/public_html -k ec-256 --force --server letsencrypt
[12.14.2021_19-31-10] Failed to obtain SSL for: mail.domain.com and: www.mail.domain.com
[12.14.2021_19-31-10] Trying to obtain SSL for: mail.domain.com
[12.14.2021_19-32-52] Failed to obtain SSL, issuing self-signed SSL for: mail.domain.com
[12.14.2021_19-32-52] {‘[email protected]’: (554, b’5.7.1 [email protected]: Relay access denied’)}
[12.14.2021_19-32-52] Websites matching query does not exist. [installSSLForDomain:72]
[12.14.2021_19-32-52] Self signed SSL issued for mail.domain.com.
[12.14.2021_20-50-13] invalid literal for int() with base 10: ‘no’. [SSHServer.findSSHPort]
[12.14.2021_20-52-20] Trying to obtain SSL for: mail.domain.com and: www.mail.domain.com
[12.14.2021_20-52-20] /root/.acme.sh/acme.sh --issue -d mail.domain.com -d www.mail.domain.com --cert-file /etc/letsencrypt/live/mail.domain.com/cert.pem --key-file /etc/letsencrypt/live/mail.domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.domain.com/fullchain.pem -w /home/mail.domain.com/public_html -k ec-256 --force --server letsencrypt
[12.14.2021_20-52-24] Failed to obtain SSL for: mail.domain.com and: www.mail.domain.com
[12.14.2021_20-52-24] Trying to obtain SSL for: mail.domain.com
[12.14.2021_20-52-26] Successfully obtained SSL for: mail.domain.com
[12.14.2021_20-52-26] {‘[email protected]’: (554, b’5.7.1 [email protected]: Relay access denied’)}
[12.14.2021_20-52-26] Websites matching query does not exist. [installSSLForDomain:72]

Not sure what else I can do. Hoping to get this fixed since its annoyance and many users use iOS default mail app or Gmail app and both really hate self signed certs and won’t connect at all.

Please private message me the domain name so that I could check its DNS entry whether its correct or not.

If using cloudflare, make sure you do not activate orange cloud proxy for mail subdomain. Also make sure your mail subdomain is not CNAME entry pointing to A record of domain which is proxied. Its better to have A record for mail subdomain pointing your server ip and orange cloud proxy isnt activated for it.

Failed to obtain SSL, issuing self-signed SSL for: handystore.ua

Make sure you have A record for your mail subdomain

delete mail domain folder from /etc/letsencrypt/live/ and install cretbot and ge ssl manually

and check if postfix using ssl of your primey mail domain