Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Configuring AutoSSL, IMAP, and AutoDiscovery

Discussion in 'Security' started by ninereeds, Mar 24, 2017.

  1. ninereeds

    ninereeds Member

    Joined:
    Mar 24, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    cPanel Access Level:
    Root Administrator
    Hi All,

    First post, so pardon any unintended ignorance.

    I am managing a VPS on JustHost for a client, specs as follows:

    Code:
    /etc/redhat-release:CentOS release 6.8 (Final)
    /usr/local/cpanel/version:11.62.0.17
    /var/cpanel/envtype:kvm
    CPANEL=release
    Server version: Apache/2.4.25 (Unix)
    Server built:   Feb 25 2017 22:10:03
    Cpanel::Easy::Apache v3.34.12 rev9999
    PHP 5.6.30 (cli) (built: Feb 25 2017 22:15:10)
    Copyright (c) 1997-2016 The PHP Group
    Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    mysql  Ver 14.14 Distrib 5.5.54, for Linux (x86_64) using readline 5.1
    
    It's the first time I have used WHM so I am somewhat feeling my way.

    I had originally purchased an SSL Cert from RapidSSL and it worked fine, but then there have been updates, and the certificate needed renewing so I went through and reset all the certs and removed all the SSL hosts. I then enabled AutoSSL, and everything seems to have been re-created nicely. I carefully followed the relevant documentation, and it all seems to work.

    But it trying to get things like Thunderbird autoconfiguring I ran into a problem: although Thunderbird chooses imap.domain.com it complains that the certificate is invalid and wants me to create an exception for server.domain.com which is the name that it says is on the cert.

    CeckTLS.com reports everything is OK except the cert, and reports:

    [020.663] Cert Hostname DOES NOT VERIFY (mail.domain.com != server.domain.com)
    [020.663] So email is encrypted but the host is not verified

    even though both mail and server are part of the cert.

    So, question(s):

    - how can I (or should I) get an AutoSSL cert to add imap.domain.com and smtp.domain.com names to the certificates?

    or

    - how can I (or should I) get the Autodiscover to set and use mail.domain.com or server.domain.com (or just domain.com) as the IMAP (and SMTP) server names

    or

    is there something else I should be doing?

    Many thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can browse to "WHM >> Tweak Settings" and enable the following option under the "Domains" tab:

    "Thunderbird and Outlook autodiscover and autoconfig support (enables proxy subdomain and SRV record creation)"

    This will automatically create autodiscover and autoconfig proxy subdomains as well as the autodiscover SRV records needed for Outlook and Thunderbird email auto configuration for local domains.

    Could you enable this option and let us know if the issue persists, or let us know if this option is already enabled?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ninereeds

    ninereeds Member

    Joined:
    Mar 24, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    cPanel Access Level:
    Root Administrator
    Thanks, but yes, I have enabled that.
     
  4. ronaldst

    ronaldst Well-Known Member

    Joined:
    Feb 22, 2016
    Messages:
    55
    Likes Received:
    7
    Trophy Points:
    8
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I have the same issue going on and looking for a fix. There is no valid cert for the mail sub domain and results in a warning in Outlook.

    Is it possible for AutoSSL to make and install cert for the mail sub domain?
     
  5. ninereeds

    ninereeds Member

    Joined:
    Mar 24, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    cPanel Access Level:
    Root Administrator
    Nice to know either it isn't me, or we have both made the same mistake!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This should happen automatically as of cPanel version 60:

    Link: 60 Release Notes - Version 60 Documentation - cPanel Documentation

    Feel free to open a support ticket using the link in my signature if this isn't working on your system so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. ninereeds

    ninereeds Member

    Joined:
    Mar 24, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    cPanel Access Level:
    Root Administrator
    Thanks, Michael, but I am using a license provided by JustHost, I do not have a "Manage2, cPanel Store, or cPanel Customer Portal account".

    Is there a way I still can?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @ninereeds,

    We generally ask that you consult with your provider first to see if they are able to help address the issue. However, you should still be able to create a new cPanel Customer Portal account when utilizing "WHM Home » Support » Create Support Ticket" if necessary.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. ninereeds

    ninereeds Member

    Joined:
    Mar 24, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    cPanel Access Level:
    Root Administrator
    OK, I'll try both.
    Thanks
     
  10. tsipatos

    tsipatos Registered

    Joined:
    Aug 26, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    iceland
    cPanel Access Level:
    Root Administrator
    Hi our client is having the exact same issue. Did you get this resolved?
     
  11. ninereeds

    ninereeds Member

    Joined:
    Mar 24, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    cPanel Access Level:
    Root Administrator
    er, yes. I did as trhey suggested an opened a ticket directly with CPANEL. I can't remember what the fix was though, sorry.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you browse to "WHM >> Manage AutoSSL", choose the "Logs" tab, and let us know of any error messages in the log file associated with the account username that's facing this issue?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. tsipatos

    tsipatos Registered

    Joined:
    Aug 26, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    iceland
    cPanel Access Level:
    Root Administrator
    Hello! I've checked the logs and no error message for the user account. BTW, already have a ticket opened 8825325 but not resolved.
     
    #13 tsipatos, Sep 2, 2017
    Last edited by a moderator: Sep 2, 2017
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I'll monitor this support ticket and update this thread with the outcome once it's closed.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    To update, it looks like the issue stemmed from a non-default custom /var/cpanel/templates/dovecotSNI/main.local file. The advice in the support ticket was to remove this local template and then run the "/scripts/build_mail_sni" command to rebuild the mail SNI configuration.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. Vinayak

    Vinayak Well-Known Member

    Joined:
    Jun 27, 2003
    Messages:
    275
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Bharat
    cPanel Access Level:
    Root Administrator
    Should this file (a newly recreated one) "/var/cpanel/templates/dovecotSNI/main.local" exist after rebuild?
    I have noticed new file is not created.

    Is there any out put from "/scripts/build_mail_sni" command, success/failure. There was none when I ran it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,386
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    No, it only exists if it's manually created. By default, you will only see the "main.default" file.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice