Exim SSL certificate Invalid for some email clients

ChrisWills

• January 11, 2017 09:57

Hello guys, I am not sure if this is related to the latest update you released ( 62.0 (build 1)), however recently out of the blue the email clients used by the customers we have hosted with cPanel started returning errors that they are unable to verify the SSL certificate used for the email service. The SSL certificate is provided by Globalsign and it is fully valid. Upon checking the certificate with SSL checker the returned response is that the certificate is absolutely valid and of course trusted. Could you please point me to where I should start investigating this as currently the exim_mainlog reports no issues related to that matter.

• 

  cPanelMichael

  • January 12, 2017 14:32

  Hello, Could you verify the hostname utilized in the email clients for the affected users? For example, are they using "mail.theirdomain.tld" or an alternative hostname? Thank you.

  0
• 

  ChrisWills

  • January 12, 2017 14:39

  Hello Michael, nice to hear from you! The affected users were using the hostname of the server for which we have a valid certificate installed via WHM -> Manage Service SSL Certificates. The certificate was working flawlessly until a week or so. One side note to make is that we do have cPanel Let's Encrypt plugin installed (which we updated already to the most recent version). If an SSL certificate is installed via that plugin for mail.theirdomain.tld and if that is used for the incoming and outgoing mail service in the configuration of the mail clients for the affected users it works with no errors. I really hope that what I wrote here make sense. Best Regards!

  0
• 

  cPanelMichael

  • January 12, 2017 15:10

  Hello Chris, cPanel version 60 introduced support for Domain TLS: What is Domain TLS - cPanel Knowledge Base - cPanel Documentation Thus, it's by design that users entering "mail.theirdomain.tld" in their email client allows for email clients to successfully connect via SSL with no warning messages. That said, users with the server's hostname configured as the mail server name in their email clients should still be able to connect without SSL warnings. The fact that warning messages are present suggests a potential issue with the hostname SSL certificate installed on the Exim or Dovecot services. Could you open a support ticket using the link in my signature so we can take a closer look at the system? You can post the ticket number here so we can update this thread with the outcome. Thank you.

  0
• 

  ChrisWills

  • January 12, 2017 20:54

  Hello again, Ticket has been opened. ID: 8127195 Thank you!

  0
• 

  cPanelMichael

  • January 23, 2017 15:43

  Hello, To update, it looks like the issue was addressed by removing an expired wildcard SSL certificate that was still installed on the system. Thank you.

  0

Please sign in to leave a comment.