Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED SNI email - Need to disable it or make it work

Discussion in 'Security' started by Jelf, Dec 12, 2016.

Tags:
  1. Jelf

    Jelf Member

    Joined:
    Jun 26, 2016
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Redmond
    cPanel Access Level:
    Root Administrator
    I am still on the uphill side of the learning curve.

    Previously I obtained SSL certificates from Let’s Encrypt and when I did so I check SNI for email likely without fully understanding the implications of doing so.

    Now I have a new computer and after lots of installing/configuring the last issue to address is email. Thunderbird times out trying to connect to my email accounts.

    Earlier today I used AutoSSL and got and installed a fresh SSL certificate from Let’s Encrypt.
    Also in WHM I went to Manage Service SSL Certificates and loaded my certificate for Dovecot email and SMTP.

    I then copied that certificate (crt file) and imported it into Thunderbird.

    But my attempt to connect to an email account still times out.

    I would like to either:
    1. Get email SNI working
    or
    2. Turn off SNI for email

    Various posts online say SNI for email can be turned off on the Manage SSL Hosts panel. However, I do not see any check boxes in front of each entry on that panel as described in the online posts. I tried both Firefox and Chrome.

    The SSL certificate works fine with my domains.

    Any advice would be appreciated.
     
  2. Jelf

    Jelf Member

    Joined:
    Jun 26, 2016
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Redmond
    cPanel Access Level:
    Root Administrator
    Good news. Thunderbird is now happily sending and receiving email. I did not have to accept any security exceptions.

    I deleted the certificate that I had imported into thunderbird. I think that was a mistake.

    Then I set up the new thunderbird accounts following the specs for my ISP and making sure I was using 'SSL/TLS' and 'normal password'.

    Tip: By default thunderbird will copy the contents of email in your inbox to your local drive. If you act quickly you can supress that and only receive the headers. Go to Account settings ==> Synchronization and uncheck the top box.

    Unless I am missing something I am now using my own Let's Encrypt SSL certificate for email.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm happy to see the issue is now resolved. That's correct, you should not have to manually import a certificate into the email client. cPanel version 60 supports Mail SNI and Domain TLS by default with AutoSSL:

    What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

    Thanks!
     
Loading...

Share This Page