Mail SNI is enabled, but server certificate is used

mike817 · May 31, 2016

I have mail SNI enabled for my domain, but when I enter the settings into a mail client, the server certificate is pulled instead of the domain. Is this correct? From the documentation, I thought SNI would use the cert installed for the domain.

webhostuk · Jun 1, 2016

I feel its because the server is using the main Server shared IP that's the reason its pulling the server certificate and not the dedicated IP of your domain to send the emails.

Kevzon · Jun 1, 2016

How did you install the certificate and what type of certificate do you have ? (do you have WHM?)

mike817 · Jun 1, 2016

After some experimenting, it looks like the certificate is correct only when just the main domain is used in the email settings. So domain.com gets the correct certificate, while imap.domain.com gets the server one. Is that the correct implementation?

cPanelMichael · Jun 6, 2016

mike817 said: ↑

After some experimenting, it looks like the certificate is correct only when just the main domain is used in the email settings. So domain.com gets the correct certificate, while imap.domain.com gets the server one. Is that the correct implementation?
Click to expand...

Hello,

We have an internal case open to ensure the host used for "Mail SNI" purposes is displayed and integrated with the "Set Up Mail Client" option under "Email Accounts" in cPanel. Thus, if you installed a SSL certificate for "domain.com", and "Mail SNI" is enabled, then "domain.com" will display under "Manual Settings" in the "Set Up Mail Client" option in cPanel and in the automatic configuration scripts. I'll update this thread with more information on this case as it becomes available. In the meantime, you can manually update the email client to use "domain.com" to ensure the correct certificate is utilized.

Thank you.

AusDataHost2 · Aug 29, 2016

Iv just had this issue and the problem is the lack of mail. subdomain setup in apache.

If found if i remove the DNS entry for mail.<domain>, add the mail.<domain> sub domain via cpanel (and also install a lets encrypt cert for mail.<domain>) it works perfectly.

Changing the incoming server would be easier but with existing setups its not always easy e.g. Apple Mail does not allow it to be changed once an account is setup.

Bit manual but works for me for now.

cPanelMichael · Sep 1, 2016

Hello,

This topic is answered on the following thread:

AutoSSL not so good for email

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mail SNI is enabled, but server certificate is used

mike817 Member

webhostuk Well-Known Member

Kevzon Member

mike817 Member

cPanelMichael Forums Analyst
Staff Member

AusDataHost2 Registered

cPanelMichael Forums Analyst
Staff Member

DKIM enabled any way to override for individual email addresses

New Thread Hold Mail in Queue for Mail Box Over Quota

New Thread How many emails are too many

List all Mail Forwarders

New Thread Where can I rewrite the "max defers and failures" email warning?

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mail SNI is enabled, but server certificate is used

mike817 Member

webhostuk Well-Known Member

Kevzon Member

mike817 Member

cPanelMichael Forums Analyst Staff Member

AusDataHost2 Registered

cPanelMichael Forums Analyst Staff Member

DKIM enabled any way to override for individual email addresses

New Thread Hold Mail in Queue for Mail Box Over Quota

New Thread How many emails are too many

List all Mail Forwarders

New Thread Where can I rewrite the "max defers and failures" email warning?

Share This Page

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member