Skip to main content

AutoSSL Mail Node

Comments

10 comments

  • cPRex Jurassic Moderator
    Hey there! Can you try running the following command to see if that provides any useful output? /usr/local/cpanel/bin/autossl_check --user=username
    Just replace "username" with the username of one of your accounts.
    0
  • ewerton.sanches
    Hey there! Can you try running the following command to see if that provides any useful output? /usr/local/cpanel/bin/autossl_check --user=username
    Just replace "username" with the username of one of your accounts.

    It returns to me that it is a child account, which in fact is because it is a mailnode server. Is there any other way to be able to issue SSL to mail.domain webmail.domain?
    0
  • cPRex Jurassic Moderator
    Alright, I've done some testing with this and reached out to the development team about this so I have some good answers for you. In general, AutoSSL is handled on the parent server. The only exception to this would be is if you're creating mail-only plans and you have created the account directly on the mail node machine. If you do have a directly-created account, you'll find that the AutoSSL tools work well. For a linked node where the account was created on the parent machine, all AutoSSL activity would happen on the parent - the '"username" is a child account. Skipping...' notice that you're getting is expected, as the parent controls the SSL. Does that help clear things up?
    0
  • ewerton.sanches
    Alright, I've done some testing with this and reached out to the development team about this so I have some good answers for you. In general, AutoSSL is handled on the parent server. The only exception to this would be is if you're creating mail-only plans and you have created the account directly on the mail node machine. If you do have a directly-created account, you'll find that the AutoSSL tools work well. For a linked node where the account was created on the parent machine, all AutoSSL activity would happen on the parent - the '"username" is a child account. Skipping...' notice that you're getting is expected, as the parent controls the SSL. Does that help clear things up?

    I fully understand your response. The mailnode is just a mail server, it inherits everything that is in the parent, but the IP pointing of webmail and mail is to the mailnode server, ie the parent server can not perform issuance of the SSL certificate. Another point the child server even being mailnode it does not give me the option to generate the autossl and this left me confused, if in case it becomes an exception and should work normally why the error? obs: Below is SSL generated by the primary parent server. Mail and Webmail are without authentication due to the pointing IP being for the mailnode.
    0
  • cPRex Jurassic Moderator
    That's the opposite of the behavior we're expecting to see. Could you create a ticket with our team so we can see your node and child in action? That will let us do some direct troubleshooting and we can get you more details then.
    0
  • cPRex Jurassic Moderator
    Our team found that the parent server was not the authoritative DNS server for the domains, so the certificate was not being issued, as that is a requirement for the distributed nodes to receive the certificate. You could also configure a DNS cluster with this server in order to get things working, but the DNS *has* to be handled by the parent server and not in a remote system in order for the certificate to get distributed to the chid.
    0
  • ewerton.sanches
    We're using a DNS cluster and the zones on the parent node, that's how we're able to emit SSL certificates normally on cPanel accounts that are not on the mail node.
    0
  • cPRex Jurassic Moderator
    At this point it is best to work through the ticket as we have access to the server there.
    0
  • WebJIVE

    Was this resolved? We're moving closer to mail node implementation

    0
  • cPRex Jurassic Moderator

    WebJIVE - I don't believe this thread indicates a general issue with the node system, as the problem was specific to this user's implementation.

    1

Please sign in to leave a comment.