CyberPanel: v2.3.1 OS: Centos 7
Hi, very much a beginner and feeling totally lost. I’ve been reading articles for two days straight but none the wiser.
Coming from shared hosting, I purchased VPS hosting and have setup a Wordpress website under the domain intervalle-arts.com.
I’d like to create e-mails for this website so I checked the option “Create Website/Additional features/Create Mail Domain”. This created the domain mail.intervalle-arts.com. I then edited the DNS CNAME (map, step, etc.) and added an MX record to point to this domain. I also added a TXT record with spf. I checked DNS checker after repopulating and everything looks good.
I issued SSL records for both the main domain (intervalle-arts.com) and the child domain (mail.intervalle-arts.com) via let’s encrypt via Cyberpanel OS. Cyberpanel says SSL certs were issued and valid for 89 days.
I debugged via SSH for intervalle-arts.com and mail.intervalle-arts.com and both return that SSL records are issued and stored in their respective folders.
[Fri Dec 2 04:41:43 UTC 2022] Your cert is in: /root/.acme.sh/mail.intervalle-arts.com/mail.intervalle-arts.com.cer
[Fri Dec 2 04:41:43 UTC 2022] Your cert key is in: /root/.acme.sh/mail.intervalle-arts.com/mail.intervalle-arts.com.key
[Fri Dec 2 04:41:43 UTC 2022] The intermediate CA cert is in: /root/.acme.sh/mail.intervalle-arts.com/ca.cer
[Fri Dec 2 04:41:43 UTC 2022] And the full chain certs is there: /root/.acme.sh/mail.intervalle-arts.com/fullchain.cer
[Fri Dec 2 04:41:43 UTC 2022] Installing cert to: /etc/letsencrypt/live/mail.intervalle-arts.com/cert.pem
[Fri Dec 2 04:41:43 UTC 2022] Installing key to: /etc/letsencrypt/live/mail.intervalle-arts.com/privkey.pem
[Fri Dec 2 04:41:43 UTC 2022] Installing full chain to: /etc/letsencrypt/live/mail.intervalle-arts.com/fullchain.pem
[Fri Dec 2 04:41:43 UTC 2022] _on_issue_success
The problem is, if I try to send a mail, I get a message saying that the R3 SSL certificate for mail.intervalle-arts has expired. According to my mail client:
ISRG Root X1 OK
(middle) R3 OK
mail.intervalle-arts.com R3 EXPIRED
If I check with SSL shopper everything looks good:
intervalle-arts.com SSL Checker
mail.intervalle-arts.com SSL Checker
I am totally new to this and totally lost. Have I done something wrong? Is there an option in Cyberpanel I’m missing? Is the whole mail.intervalle-arts.com domain a crazy idea and shouldn’t work?
Edit: here is SSL LABS report: https://www.ssllabs.com/ssltest/analyze.html?d=intervalle-arts.com&hideResults=on it gets an “A” ranking.
Edit: I’m also getting the “this site is not private” message and “NET::ERR_CERT_COMMON_NAME_INVALID” when I try to logon to CP OS. This is even though I’m forcing https. Chrome says I have an R3 cert from let’s encrypt issued yesterday and expires 2023. It also says this certificate is not valid.