AutoSSL missing mail subdomains

dario2

Hello,

I run a cPanel hosting server with AutoSSL (Let's Encrypt). Until last week everything was running fine, but one day many customers started complaining that their e-mail clients were denying connection because of expired SSL certificates. In WHM I noticed many expired Let's Encrypt certificates, only to find out that Let's Encrypt TOS were updated and I had to agree to the new terms to re-enable AutoSSL cert renewal through WHM. Yeah, great.

After that I thought life would get back to normal, but now the customers were complaining about certificate incompatibility errors. It turns out that AutoSSL is no longer generating certificates for mail.domain.tld. Also, the cert copies that dovecot and exim use are not being updated as well.

So

/var/cpanel/ssl/domain_tls/<domain.tld>/*

certificate files get renewed, but the copies that exim and dovecot use, located at

/var/cpanel/ssl/domain_tls/mail.<domain.tld>/*

are still expired! Does anybody else have this problem?
 

Eminds

Check if the certificates were renewed properly. You can check it through the logs at WHM >> Manage Auto SSL >> click on Logs.

Logs will give you an idea of what's happening.
 

dario2

Thanks! I figured it out. It turns out that all mail.domain.tld server aliases had vanished from httpd.conf and /var/cpanel/userdata/* files. They should be there, according to this thread:

Mail Subdomain added as alias to main domain in httpd.conf

Luckily, I found a script that restores them:

/usr/local/cpanel/scripts/add_mail_serveralias_to_userdata

Then I had to "run Auto SSL for all users" through WHM.

Why the mail.* aliases vanished in the first place, I have no clue!
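
An added example, not part of the original post and not one of cPanel's own scripts: a read-only check that lists userdata vhost files whose serveralias line lacks mail.<domain>, the condition described above. The `servername:` / `serveralias:` line format, the `.cache` suffix and the function name `missing_mail_aliases` are assumptions; the sample tree is constructed.

```shell
#!/bin/sh
# Read-only audit: reports vhost files that lack a mail.<domain> alias.
# Assumed layout (not shown in the thread): one file per vhost under
# /var/cpanel/userdata/<user>/ with lines such as
#   servername: example.com
#   serveralias: mail.example.com www.example.com

missing_mail_aliases() {
    root=${1:-/var/cpanel/userdata}
    for f in "$root"/*/*; do
        [ -f "$f" ] || continue
        case $f in
            *.cache) continue ;;   # assumed derived copies, skipped
        esac
        # Files without a servername line (not a vhost) print nothing.
        awk -v f="$f" '
            $1 == "servername:"  { name = $2 }
            $1 == "serveralias:" { for (i = 2; i <= NF; i++) alias[$i] = 1 }
            END {
                key = "mail." name
                if (name != "" && !(key in alias))
                    print f ": " key " not in serveralias"
            }' "$f"
    done
}

# Constructed sample tree (not real accounts) so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/alice" "$demo/bob"
printf 'servername: example.com\nserveralias: mail.example.com www.example.com\n' \
    > "$demo/alice/example.com"
printf 'servername: example.net\nserveralias: www.example.net\n' \
    > "$demo/bob/example.net"

# On a live server, call it with no argument to scan /var/cpanel/userdata.
missing_mail_aliases "$demo"
```

Any file it lists is a candidate for the restore script named in the post, followed by an AutoSSL run.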
 

cPanelMichael

Administrator
Staff member
Hello,

I'm glad to see you were able to solve the issue. Thank you for updating us with the outcome.

> Why the mail.* aliases vanished in the first place, I have no clue!

Is it possible the entries were manually removed from the userdata files by someone with root access to the server?

Thank you.