For those who've run the autofixer manually, did you have to restart your server as well? Or, at least, is that recommended?
The issue exists when you use client domain name as smtp server not the hostname of your server
Facing the same problem here.
The security certificate for this server is invalid or expired. Therefore, connection to this server is not secure. Do you wish to continue anyway?
And I'm saying that I and my clients aren't having any issues using mail.clientdomain1.com, mail.clientdomain2.com or primary.host.name . Exim has all the matching cert info to allow them to connect without any warnings.
Hello,
community.letsencrypt.org
New certs failed with "A rate limit prevents DCV"
I've been using Lets Encrypt certs on this server for years. This morning when the certs were renewed, one of the domains failed to install the new cert with this message Analyzing “tinyislekauai.com”’s DCV results … 9:15:05 AM Trying 1 wildcard domain (*.tinyislekauai.com) to maximize...
community.letsencrypt.org
Update - if users are still experiencing issues with Exim, could those users please open a ticket so we can do some more investigation?
Seems it was a permission issue on some certs for us fixed with :
find /var/cpanel/ssl/domain_tls/* -type d -not -perm 755 -exec chmod -v 755 {} \;
find /var/cpanel/ssl/domain_tls/* -type d -not -perm 755 -exec chmod -v 755 {} \;
Yes!!! That did it ! Run permission change and it solved the problem!
While the permissions command does work in some specific situations, I would excercise caution in copy/pasting commands. Specifically, that command could potentially change the permissions of the pending_delete directory, which is not ideal. Something like this would be more effective:
but it's important to note we're still researching all these implications on our side before we provide an official update.
Code:
find /var/cpanel/ssl/domain_tls/ -mindepth 1 -maxdepth 1 -name .pending_delete -prune -o -type d -not -perm 755 -exec chmod -v 755 {} \;
Last edited:
PLEASE tell me you werent sitting on this fix and holding it back the entire day!!!
Changing the permissions back is as easy as
find /var/cpanel/ssl/domain_tls/* -type d -not -perm 644 -exec chmod -v 644 {} \; I looked at the permissions before, change it to 755, ran openssl check, works... changed back to 644, ran openssl, broken... change to 755 again.... AND SUCCESSS!!!
@TFyre - of course not - I'm posting information that is verified as soon as I get it. @monarobase submitted a ticket and was provided that command by our team recently.
Update - our team is pushing out two updates soon. One is a new version of the Let's Encrypt plugin for WHM. The second is a slightly updated autofixer.
We're still investigating the root cause of the permission problems that some users have experienced, and I'll be sure to post more about that as soon as I have details.
We're still investigating the root cause of the permission problems that some users have experienced, and I'll be sure to post more about that as soon as I have details.
The new Let's Encrypt plugin has been released. The updated version is cpanel-letsencrypt-v2-1.02-1.2.1.cpanel.noarch.rpm
The second autofixer has cleared our QA team and will be released shortly as well.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| C | Does cPanel Offer Free Certificate and does it work? | Security | 2 | |
| W | Any plans for updating cpanel-exim to 4.96 or newer? | Security | 3 | |
| M | New very dangerous security bug/feature in cpanel filter function | Security | 1 | |
| K | Need help with cPanel support IP addresses | Security | 1 | |
| C | cPanel Store not issuing new certs | Security | 5 |