Configuring AutoSSL, IMAP, and AutoDiscovery

ninereeds

Member
cPanel Access Level
Root Administrator
Hi All,

First post, so pardon any unintended ignorance.

I am managing a VPS on JustHost for a client, specs as follows:

Code:
/etc/redhat-release:CentOS release 6.8 (Final)
/usr/local/cpanel/version:11.62.0.17
/var/cpanel/envtype:kvm
CPANEL=release
Server version: Apache/2.4.25 (Unix)
Server built:   Feb 25 2017 22:10:03
Cpanel::Easy::Apache v3.34.12 rev9999
PHP 5.6.30 (cli) (built: Feb 25 2017 22:15:10)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
mysql  Ver 14.14 Distrib 5.5.54, for Linux (x86_64) using readline 5.1

It's the first time I have used WHM so I am somewhat feeling my way.

I had originally purchased an SSL Cert from RapidSSL and it worked fine, but then there have been updates, and the certificate needed renewing so I went through and reset all the certs and removed all the SSL hosts. I then enabled AutoSSL, and everything seems to have been re-created nicely. I carefully followed the relevant documentation, and it all seems to work.

But in trying to get things like Thunderbird autoconfiguring, I ran into a problem: although Thunderbird chooses imap.domain.com, it complains that the certificate is invalid and wants me to create an exception for server.domain.com, which is the name that it says is on the cert.

CheckTLS.com reports everything is OK except the cert, and reports:

[020.663] Cert Hostname DOES NOT VERIFY (mail.domain.com != server.domain.com)
[020.663] So email is encrypted but the host is not verified

even though both mail and server are part of the cert.

So, question(s):

- how can I (or should I) get an AutoSSL cert to add imap.domain.com and smtp.domain.com names to the certificates?

or

- how can I (or should I) get the Autodiscover to set and use mail.domain.com or server.domain.com (or just domain.com) as the IMAP (and SMTP) server names

or

is there something else I should be doing?

Many thanks.
 

cPanelMichael

Administrator
Staff member
> But in trying to get things like Thunderbird autoconfiguring, I ran into a problem: although Thunderbird chooses imap.domain.com, it complains that the certificate is invalid and wants me to create an exception for server.domain.com, which is the name that it says is on the cert.

Hello,

You can browse to "WHM >> Tweak Settings" and enable the following option under the "Domains" tab:

"Thunderbird and Outlook autodiscover and autoconfig support (enables proxy subdomain and SRV record creation)"

This will automatically create autodiscover and autoconfig proxy subdomains as well as the autodiscover SRV records needed for Outlook and Thunderbird email auto configuration for local domains.

Could you enable this option and let us know if the issue persists, or let us know if this option is already enabled?

Thanks!
 

ninereeds

Member
cPanel Access Level
Root Administrator
> Hello,
>
> You can browse to "WHM >> Tweak Settings" and enable the following option under the "Domains" tab:
>
> "Thunderbird and Outlook autodiscover and autoconfig support (enables proxy subdomain and SRV record creation)"
>
> This will automatically create autodiscover and autoconfig proxy subdomains as well as the autodiscover SRV records needed for Outlook and Thunderbird email auto configuration for local domains.
>
> Could you enable this option and let us know if the issue persists, or let us know if this option is already enabled?
>
> Thanks!

Thanks, but yes, I have enabled that.
 

ronaldst

Well-Known Member
cPanel Access Level
Root Administrator
I have the same issue going on and am looking for a fix. There is no valid cert for the mail subdomain, which results in a warning in Outlook.

Is it possible for AutoSSL to make and install a cert for the mail subdomain?
 

cPanelMichael

Administrator
Staff member
> Is it possible for AutoSSL to make and install a cert for the mail subdomain?

Hello,

This should happen automatically as of cPanel version 60:

> Change in mail. alias behavior for Apache server
>
> The system now automatically creates an Apache server alias for the mail. subdomain for each domain, parked domain, and addon domain (but not subdomains). This allows the mail alias to appear in the same virtual host as the parent domain. We made this change in order to simplify Mail SNI and SSL certificate management and reduce unnecessary mail client warnings.
>
> For example, Apache will now respond to mail.example.com as an alias for example.com. However, Apache will not automatically respond to mail.subdomain.example.com as an alias for the subdomain.example.com subdomains.

Link: 60 Release Notes - Version 60 Documentation - cPanel Documentation

Feel free to open a support ticket using the link in my signature if this isn't working on your system so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

ninereeds

Member
cPanel Access Level
Root Administrator
> ...
>
> Feel free to open a support ticket using the link in my signature if this isn't working on your system so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.
>
> Thank you.

Thanks, Michael, but I am using a license provided by JustHost, I do not have a "Manage2, cPanel Store, or cPanel Customer Portal account".

Is there a way I still can?
 

cPanelMichael

Administrator
Staff member
Hello @ninereeds,

We generally ask that you consult with your provider first to see if they are able to help address the issue. However, you should still be able to create a new cPanel Customer Portal account when utilizing "WHM Home » Support » Create Support Ticket" if necessary.

Thank you.
 

cPanelMichael

Administrator
Staff member
> Hi, our client is having the exact same issue. Did you get this resolved?

Could you browse to "WHM >> Manage AutoSSL", choose the "Logs" tab, and let us know of any error messages in the log file associated with the account username that's facing this issue?

Thank you.
 

tsipatos

Registered
cPanel Access Level
Root Administrator
Hello! I've checked the logs and there is no error message for the user account. BTW, I already have a ticket opened, 8825325, but it is not resolved.
 

cPanelMichael

Administrator
Staff member
> BTW, already have a ticket opened 8825325 but not resolved.

I'll monitor this support ticket and update this thread with the outcome once it's closed.

Thank you.
 

cPanelMichael

Administrator
Staff member
> ticket opened 8825325

To update, it looks like the issue stemmed from a non-default custom /var/cpanel/templates/dovecotSNI/main.local file. The advice in the support ticket was to remove this local template and then run the "/scripts/build_mail_sni" command to rebuild the mail SNI configuration.

Thank you.
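
As an added example (not part of the thread and not cPanel's code), this Python check reproduces the CheckTLS comparison quoted earlier: it tests each name a mail client might use against the subjectAltName entries of the certificate the server presents. The `example.com` names and both sample certificates are constructed placeholders, and `fetch_sans` is a hypothetical helper for running the same comparison against a live IMAPS or SMTPS port, for instance after rebuilding the mail SNI configuration.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS entries from the subjectAltName of a getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """RFC 6125 style match: '*' is accepted only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def verify_names(hostnames, sans):
    """Map each name a mail client may use to whether the SAN list covers it."""
    return {h: any(name_matches(h, p) for p in sans) for h in hostnames}

def fetch_sans(connect_host, sni_name, port=993, timeout=10):
    """Connect to an implicit-TLS port (993 IMAPS, 465 SMTPS), send sni_name as
    SNI and return the SANs of the certificate the server selects for it.
    The chain is still validated; only the hostname check is disabled so a
    mismatching certificate can be inspected instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((connect_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            return san_dns_names(tls.getpeercert())

# Constructed sample: a certificate naming only the server hostname, the
# situation behind "mail.domain.com != server.domain.com" in the CheckTLS output.
FALLBACK_CERT = {"subjectAltName": (("DNS", "server.example.com"),)}
# Constructed sample: a per-domain certificate that includes the mail. name.
DOMAIN_CERT = {"subjectAltName": (("DNS", "example.com"),
                                  ("DNS", "mail.example.com"),
                                  ("DNS", "www.example.com"))}
# Names a mail client might try (placeholders).
CLIENT_NAMES = ["mail.example.com", "imap.example.com", "smtp.example.com"]

if __name__ == "__main__":
    for label, cert in (("fallback", FALLBACK_CERT), ("per-domain", DOMAIN_CERT)):
        print(label, verify_names(CLIENT_NAMES, san_dns_names(cert)))
```

Against a live server, `verify_names(CLIENT_NAMES, fetch_sans("mail.example.com", "mail.example.com"))` performs the same comparison on the certificate actually served for that SNI name.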
 

Vinayak

Well-Known Member
cPanel Access Level
Root Administrator
> To update, it looks like the issue stemmed from a non-default custom /var/cpanel/templates/dovecotSNI/main.local file. The advice in the support ticket was to remove this local template and then run the "/scripts/build_mail_sni" command to rebuild the mail SNI configuration.
>
> Thank you.

Should this file (a newly recreated one) "/var/cpanel/templates/dovecotSNI/main.local" exist after the rebuild?
I have noticed that a new file is not created.

Is there any output from the "/scripts/build_mail_sni" command, success/failure? There was none when I ran it.
 

cPanelMichael

Administrator
Staff member
> Should this file (a newly recreated one) "/var/cpanel/templates/dovecotSNI/main.local" exist after the rebuild?
> I have noticed that a new file is not created.
>
> Is there any output from the "/scripts/build_mail_sni" command, success/failure? There was none when I ran it.

No, it only exists if it's manually created. By default, you will only see the "main.default" file.

Thank you.