AutoSSL missing mail subdomains
Hello,
I run a cPanel hosting server with AutoSSL (Let's Encrypt). Until last week everything was running fine, but one day many customers started complaining that their e-mail clients were denying connection because of expired SSL certificates. In WHM I noticed many expired Let's Encrypt certificates, only to find out that the Let's Encrypt TOS were updated and I had to agree to the new terms to re-enable AutoSSL cert renewal through WHM. Yeah, great.
After that I thought life would get back to normal, but now the customers were complaining about certificate incompatibility errors. It turns out that AutoSSL is no longer generating certificates for mail.domain.tld. Also, the cert copies that dovecot and exim use are not being updated as well.
So
/var/cpanel/ssl/domain_tls//*
certificate files get renewed, but the copies that exim and dovecot use, located at
/var/cpanel/ssl/domain_tls/mail./*
are still expired! Does anybody else have this problem?
-
Check if the certificates were renewed properly. You can check it through the logs at WHM >> Manage Auto SSL >> Click on Logs. Logs will give you an idea of what's happening.
-
Thanks! I figured it out. It turns out that all mail.domain.tld server aliases had vanished from httpd.conf and /var/cpanel/userdata/* files. They should be there, according to this thread: Mail Subdomain added as alias to main domain in httpd.conf
Luckily, I found a script that restores them:
/usr/local/cpanel/scripts/add_mail_serveralias_to_userdata
Then I had to "run Auto SSL for all users" through WHM.
Why the mail.* aliases vanished in the first place, I have no clue!
-
Hello, I'm glad to see you were able to solve the issue. Thank you for updating us with the outcome.
"Why the mail.* aliases vanished in the first place, I have no clue!"
Is it possible the entries were manually removed from the userdata files by someone with root access to the server? Thank you.
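A way to spot the stale copies described in this thread before mail clients start rejecting them, as an added example that is not part of the thread and not cPanel's own tooling: the function walks a certificate directory (defaulting to the /var/cpanel/ssl/domain_tls path from the question) and lists every certificate that has expired or will expire within a given window. It assumes the openssl command is installed; the name stale_certs is hypothetical.

```shell
#!/bin/sh
# Added example: list certificate files that are expired or about to expire.
# stale_certs is a hypothetical helper name, not a cPanel script.
#
# Usage: stale_certs [DIR] [SECONDS]
#   DIR      directory to scan (default: the path named in the thread)
#   SECONDS  look-ahead window; 0 reports only certificates already expired
# Output: one line per stale certificate: <file><TAB><notAfter date>
stale_certs() {
    dir=${1:-/var/cpanel/ssl/domain_tls}
    window=${2:-0}

    find "$dir" -type f | sort | while IFS= read -r f; do
        # Skip anything that does not contain a parseable X.509 certificate
        # (private keys, cache files, notes). Without this step a parse
        # failure would be indistinguishable from "will expire".
        openssl x509 -noout -in "$f" >/dev/null 2>&1 || continue

        # -checkend exits non-zero when notAfter falls inside the window.
        if ! openssl x509 -noout -checkend "$window" -in "$f" >/dev/null 2>&1
        then
            end=$(openssl x509 -noout -enddate -in "$f" | cut -d= -f2)
            printf '%s\t%s\n' "$f" "$end"
        fi
    done
}

# Example: report anything expiring within 7 days, mail.* copies only:
#   stale_certs /var/cpanel/ssl/domain_tls 604800 | grep '/mail\.'
```

Run from cron with a window of a few days, empty output means every copy was renewed; any mail.* line in the output points at the condition reported above.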