The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Exim SSL certificate Invalid for some email clients

Discussion in 'E-mail Discussions' started by ChrisWills, Jan 11, 2017.

Tags:
  1. ChrisWills

    ChrisWills Member

    Joined:
    May 24, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello guys,

    I am not sure if this is related to the latest update you released ( 62.0 (build 1)), however recently out of the blue the email clients used by the customers we have hosted with cPanel started returning errors that they are unable to verify the SSL certificate used for the email service. The SSL certificate is provided by Globalsign and it is fully valid. Upon checking the certificate with SSL checker the returned response is that the certificate is absolutely valid and of course trusted.

    Could you please point me to where I should start investigating this as currently the exim_mainlog reports no issues related to that matter.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,037
    Likes Received:
    1,278
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify the hostname utilized in the email clients for the affected users? For example, are they using "mail.theirdomain.tld" or an alternative hostname?

    Thank you.
     
  3. ChrisWills

    ChrisWills Member

    Joined:
    May 24, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Michael, nice to hear from you!

    The affected users were using the hostname of the server for which we have a valid certificate installed via WHM -> Manage Service SSL Certificates. The certificate was working flawlessly until a week or so.

    One side note to make is that we do have cPanel Let's Encrypt plugin installed (which we updated already to the most recent version). If an SSL certificate is installed via that plugin for mail.theirdomain.tld and if that is used for the incoming and outgoing mail service in the configuration of the mail clients for the affected users it works with no errors. I really hope that what I wrote here make sense.

    Best Regards!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,037
    Likes Received:
    1,278
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello Chris,

    cPanel version 60 introduced support for Domain TLS:

    What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

    Thus, it's by design that users entering "mail.theirdomain.tld" in their email client allows for email clients to successfully connect via SSL with no warning messages.

    That said, users with the server's hostname configured as the mail server name in their email clients should still be able to connect without SSL warnings. The fact that warning messages are present suggests a potential issue with the hostname SSL certificate installed on the Exim or Dovecot services. Could you open a support ticket using the link in my signature so we can take a closer look at the system? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. ChrisWills

    ChrisWills Member

    Joined:
    May 24, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello again,

    Ticket has been opened. ID: 8127195

    Thank you!
     
    #5 ChrisWills, Jan 12, 2017
    Last edited by a moderator: Jan 16, 2017
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,037
    Likes Received:
    1,278
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, it looks like the issue was addressed by removing an expired wildcard SSL certificate that was still installed on the system.

    Thank you.
     
Loading...

Share This Page