SOLVED SNI email - Need to disable it or make it work

Jelf

Member
Jun 26, 2016
16
3
3
Redmond
cPanel Access Level
Root Administrator
I am still on the uphill side of the learning curve.

Previously I obtained SSL certificates from Let’s Encrypt and when I did so I check SNI for email likely without fully understanding the implications of doing so.

Now I have a new computer and after lots of installing/configuring the last issue to address is email. Thunderbird times out trying to connect to my email accounts.

Earlier today I used AutoSSL and got and installed a fresh SSL certificate from Let’s Encrypt.
Also in WHM I went to Manage Service SSL Certificates and loaded my certificate for Dovecot email and SMTP.

I then copied that certificate (crt file) and imported it into Thunderbird.

But my attempt to connect to an email account still times out.

I would like to either:
1. Get email SNI working
or
2. Turn off SNI for email

Various posts online say SNI for email can be turned off on the Manage SSL Hosts panel. However, I do not see any check boxes in front of each entry on that panel as described in the online posts. I tried both Firefox and Chrome.

The SSL certificate works fine with my domains.

Any advice would be appreciated.
 

Jelf

Member
Jun 26, 2016
16
3
3
Redmond
cPanel Access Level
Root Administrator
Good news. Thunderbird is now happily sending and receiving email. I did not have to accept any security exceptions.

I deleted the certificate that I had imported into thunderbird. I think that was a mistake.

Then I set up the new thunderbird accounts following the specs for my ISP and making sure I was using 'SSL/TLS' and 'normal password'.

Tip: By default thunderbird will copy the contents of email in your inbox to your local drive. If you act quickly you can supress that and only receive the headers. Go to Account settings ==> Synchronization and uncheck the top box.

Unless I am missing something I am now using my own Let's Encrypt SSL certificate for email.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
Good news. Thunderbird is now happily sending and receiving email. I did not have to accept any security exceptions.

I deleted the certificate that I had imported into thunderbird. I think that was a mistake.
Hello,

I'm happy to see the issue is now resolved. That's correct, you should not have to manually import a certificate into the email client. cPanel version 60 supports Mail SNI and Domain TLS by default with AutoSSL:

What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

Thanks!