The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dovecot SSL config issue

Discussion in 'E-mail Discussions' started by tjmoore, May 9, 2014.

  1. tjmoore

    tjmoore Member

    Joined:
    Jun 23, 2005
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Hello,
    I have just deployed a new server to replace my old server which has been running for a little over 5 years without issue!

    During the change I elected to use Dovecot rather than Courier - the problem now, is that when you connect using SSL I get an SSL error:
    Unable to establish a secure connection to mail.mydomain.com.

    It has something to so with the self assigned SSL certificates I think - I have tried installing a Geotrust SSL, but I then get a domain mismatch error.

    The Dovecot SSL is assigned to my hostname (server.myserver.com) and I'm connecting to mail using mail.mydomain.com

    Is this correct, or do I need an SSL for every domain that connects to Dovecot ??

    Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's normal to see the domain mismatch message if you connect to your mail server using a different hostname than what's used for the SSL certificate. The best way to avoid that message is to connect using the SSL certificate name.

    Thank you.
     
  3. tjmoore

    tjmoore Member

    Joined:
    Jun 23, 2005
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Thanks, so if I setup an SSL for mail.myserver.com and connect to mail using mail.myserver.com will that work ?

    EDIT: just tried the above, doesn't work - domain mismatch error again. So do I have to setup an SSL for every domain that connects ?!
     
    #3 tjmoore, May 9, 2014
    Last edited: May 9, 2014
  4. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The Services like :
    cPanel/WHM/Webmail Service
    Dovecot Mail Server
    Exim (SMTP) Server
    FTP Server

    are using the hostname of your WHM server.

    If you want to connect with mail.myserver.com you have to use a signed certificate for mail.myserver.com.

    If you have a single SSL cert it is usallly for www.myserver.com / myserver.com. You can buy a wildcard certificate which is working for *.myserver.com. The * is a placeholder. so mail/webmail/cpanel/www/ftp are all protected with one cert.


    If you have a few accounts on your server, the real problem is, that you cannot transfer accounts when your users are using SSL for Emails. Since the hostname is configured in the mailclients a accounttransfer means they have to change the hostname on every account on every device.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please keep in mind that certificates for services such as Dovecot are manged via:

    "WHM Home » Service Configuration » Manage Service SSL Certificates"

    You should not receive a domain mismatch error if you are connecting to the mail server with the SSL certificate name from the above option configured in your email client.

    Thank you.
     
  6. fsw_1

    fsw_1 Registered

    Joined:
    May 14, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello I have a similar issue.

    I don't know if I understood the answer correctly.

    Not every customer wants to buy an ssl certificate for their domain. But I can also understand that the customers are confused when they get a pop up warning when logging in their control Panel or webmail. To avoid these conversations with customers, we are looking for a global solution.

    So if I get an ssl certificate for: server.hostname.com - will the ssl Warning not appear anymore?

    I am kind of struggling with this. Because I saw that the company thawte has an SSL Certificate - for Webserver
    and in there it says: "Create a secure, private connection between a web browser and web server, including gateways, web forms, mail and FTP servers, and VPNs with up to 256-bit SSL encryption"

    Now I am confused, do we need a normal ssl Certificate or a Webserver Certificate for our Cpanel customer Accounts, so that they don't get the popup Browser Warning?

    Can someone please help me to get this issue handled? If there was a url for each cpanel Customer login link, what would this url look like? How do other hosting companies handle this issue?

    I hope someone can help.

    thank you
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Your customers will need to use the hostname of the server in their email client mail settings if that's the host you purchased the SSL certificate for. However, it sounds like you may be seeking functionality that does not exist. There is a feature request open at:

    SSL certificate per domain on all services | cPanel Feature Requests

    Thank you.
     
Loading...

Share This Page