In Progress [CPANEL-33077] Letsencrypt transition to ISRG’s Root (Important!!!!!)

mtindor

Well-Known Member
Sep 14, 2004
1,452
110
193
inside a catfish
cPanel Access Level
Root Administrator
@mtindor: CL 7.9, cPanel 98.0.8, yum update done, patches run
@cPRex: switching to Sectigo does not solve the exim problem either (port 465 returning certificate with system hostname as common name and not mail.company.com)
Not sure what to say about that. No issues here with Exim on CL6 ELS.
 

Misiek

Well-Known Member
Feb 23, 2004
130
3
168
cPanel Access Level
Root Administrator
Not sure what to say about that. No issues here with Exim on CL6 ELS.
The issue exists when you use client domain name as smtp server not the hostname of your server

Sending of the message failed.
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
The configuration related to mail.domain.pl must be corrected.
 
  • Like
Reactions: dandadude

mtindor

Well-Known Member
Sep 14, 2004
1,452
110
193
inside a catfish
cPanel Access Level
Root Administrator
The issue exists when you use client domain name as smtp server not the hostname of your server
And I'm saying that I and my clients aren't having any issues using mail.clientdomain1.com, mail.clientdomain2.com or primary.host.name . Exim has all the matching cert info to allow them to connect without any warnings.
 

ciao70

Well-Known Member
Nov 3, 2006
108
21
168
Hello,

 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,667
1,853
363
cPanel Access Level
Root Administrator
While the permissions command does work in some specific situations, I would excercise caution in copy/pasting commands. Specifically, that command could potentially change the permissions of the pending_delete directory, which is not ideal. Something like this would be more effective:

Code:
find /var/cpanel/ssl/domain_tls/ -mindepth 1 -maxdepth 1 -name .pending_delete -prune -o  -type d -not -perm 755 -exec chmod -v 755 {} \;
but it's important to note we're still researching all these implications on our side before we provide an official update.
 
Last edited:
  • Like
Reactions: eva2000

TFyre

Registered
Oct 1, 2021
4
3
3
South Africa
cPanel Access Level
Root Administrator
While the permissions command does work in some specific situations, I would excercise caution in copy/pasting commands. Specifically, that command is also changing the permissions of the pending_delete directory, which is not ideal. Something like this would be more effective:

Code:
find /var/cpanel/ssl/domain_tls/ -mindepth 1 -maxdepth 1 -name .pending_delete -prune -o  -type d -not -perm 755 -exec chmod -v 755 {} \;
but it's important to note we're still researching all these implications on our side before we provide an official update.
PLEASE tell me you werent sitting on this fix and holding it back the entire day!!!

Changing the permissions back is as easy as find /var/cpanel/ssl/domain_tls/* -type d -not -perm 644 -exec chmod -v 644 {} \;

I looked at the permissions before, change it to 755, ran openssl check, works... changed back to 644, ran openssl, broken... change to 755 again.... AND SUCCESSS!!!
 
  • Like
Reactions: dandadude

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,667
1,853
363
cPanel Access Level
Root Administrator
Update - our team is pushing out two updates soon. One is a new version of the Let's Encrypt plugin for WHM. The second is a slightly updated autofixer.

We're still investigating the root cause of the permission problems that some users have experienced, and I'll be sure to post more about that as soon as I have details.