Symptoms
Run the following command once for each of ports 443, 465 and 993, entering your domain and the port at the prompt:
read -p "Domain && Port: " HOSTNAME PORT ;echo Q|openssl s_client -connect $HOSTNAME:$PORT -servername $HOSTNAME -showcerts
The new certificate is served on port 443 (Apache) and 465 (Exim), but not on 993 (Dovecot/IMAP).
Alternatively, confirm the same issue by running the following command (replace $DOMAIN with the domain in question):
grep -Ei "$DOMAIN" /etc/dovecot/sni.conf
The command returns nothing. This means that Dovecot's SNI configuration has not yet been updated with the path to the new certificate file.
Description
This usually happens when there are no email accounts under the domain in question. If no email account is associated with that domain, Dovecot's SNI configuration will not be updated. You can run the following command to confirm that there are indeed no email accounts associated with that domain (replace $DOMAIN with the domain in question):
read -p "Domain && Port: " HOSTNAME PORT ;echo Q|openssl s_client -connect $HOSTNAME:$PORT -servername $HOSTNAME -showcerts
Workaround
Create an email account for that domain using the instructions in this article:
How can I create an email account?
And then run the following command to force-update Dovecot's SNI configuration:
whmapi1 rebuild_mail_sni_config reload_dovecot=1
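To confirm the rebuild took effect, the per-port check from Symptoms can be scripted so that the certificate fingerprints are compared rather than read by eye. This is an added example, not cPanel's own tooling: `fetch_fp`, `stale_ports` and `check_domain` are hypothetical helper names, and port 443 is assumed to already serve the new certificate.

```shell
#!/usr/bin/env bash
# Added example: find ports that still serve a different certificate than 443.

# Print the SHA-256 fingerprint of the leaf certificate served on host:port,
# sending the host name as SNI. Prints nothing if the connection fails.
fetch_fp() {
    local host=$1 port=$2
    echo Q | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null \
        | cut -d= -f2
}

# Read "port fingerprint" lines on stdin and print every port whose
# fingerprint differs from the reference port's (a missing fingerprint
# counts as different). Returns 0 if all match, 1 if any port is stale,
# 2 if the reference port itself has no fingerprint.
stale_ports() {
    local ref_port=$1
    awk -v ref="$ref_port" '
        { fp[$1] = $2; order[++n] = $1 }
        END {
            if (!(ref in fp) || fp[ref] == "") { print "no-reference"; exit 2 }
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (fp[p] != fp[ref]) { print p; bad = 1 }
            }
            exit bad
        }'
}

# Check the three implicit-TLS ports named in this article for one domain.
check_domain() {
    local host=$1 port
    for port in 443 465 993; do
        printf '%s %s\n' "$port" "$(fetch_fp "$host" "$port")"
    done | stale_ports 443
}
```

Run `check_domain` with the affected domain as its argument; no output and exit status 0 means all three services present the same certificate, while an output of `993` means Dovecot is still serving the old one.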