[Case 187749] Reinstalling an SSL certificate without SNI mail enabled

We're having the same problem since cPanel upgraded to 11.48.3.0

Startup Log:
Starting Dovecot Imap: doveconf: Fatal: Error in configuration file /etc/dovecot/sni.conf line 17: ssl_cert: Can't open file /var/cpanel/ssl/installed/certs/www_xxx_6529_362a663e4d04a4d256eaacc36d58dfc5.crt: No such file or directory
[FAILED]


EDIT: imap recovered after 4 failed restart attempts.

 

FYI, we were alerted last night that IMAP and POP3 were down. The error is the same as others have mentioned:

In checking /etc/dovecot/sni.conf, there is no reference to the domain I've redacted above on line 7, or anywhere in the config. We DO have an SSL certificate installed for this customer, and I think it was last week that I renewed that SSL certificate, and during installation, I'm very sure I unchecked the SNI checkbox. I definitely did NOT do anything related to SSL on this server yesterday... so I'm unsure why it chose last night to break Dovecot.

EDIT: I see that last night we were auto-updated from 11.48.3.0 to 11.48.4.2, so now we know WHY we got this error last night and not previously.

Frankly, I'd just as soon disable SNI for email at this time, especially if it's going to cause problems like this, but I am not sure of the best way. I never purposely enabled it, ever. It must have been auto-enabled during a WHM upgrade at some point.

- Scott

 

Thanks, Michael. That is exactly what is happening. Did my description help find this, or did you already have an open case on this?

- Scott

 

It happened again last night. I'm assuming the Internal case hasn't actually created a fix for this yet?

- Scott

 

Michael, is there a work-around for now? i.e. if I do not want to use SNI for mail at this time, can I do something so that future WHM updates don't cause POP and IMAP to repeatedly fail and cause late night alerts?

- Scott

 

Thanks @cPanelMichael, your code fixed they same issue I was having with same error etc... I do want to add some additional info that has lead myself to this same issue in case others are searching for it, since most got to this error from some other means and not doing anything with SNI/installing new certificate.
For example, I had an GeoTrust SSL on the cPanel services /server itself, but then changed the hostname (using on different new server/ISP etc...) and then went in to Manage Service SSL Certificates, under actions, Reset Certificate (wanted to use self-cert SSL) where it updated the correct certificate domain (newhostname.domain.com).
After I did that, this situation in this thread occurred and your script fixed that. If this helps one extra person searching for these other keywords to find your solution, great.

 

FYI, we had this happen again last night. In a slightly different plot twist... we had changed a customer's domain name via Modify Account. The customer had an SSL certificate prior to the change, and after the change we installed a new SSL certificate. Both times, we left the checkbox checked for SNI Mail.

When the server tried to do an upcp last night, Dovecot (IMAP & POP) died and could not be restarted. The error was:

Sure enough, when looking at /etc/dovecot/sni.conf, the OLD domain name (and the NEW domain name) were both in there. I'm assuming the fix is to simply remove the lines related to the OLD domain and restart Dovecot... which seemed to work. But maybe that sni.conf will get rebuilt with bad information and hose us again?

- Scott