Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL Certificates for Mail Only clients

Discussion in 'Security' started by itdrift, Oct 26, 2018.

  1. itdrift

    itdrift Registered

    Joined:
    May 25, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Portugal
    cPanel Access Level:
    Root Administrator
    When using cPanel "out of the box", it looks like email clients with "Mail Only" features should use the hostname as server name (IMAPS / SMTP) for SSL connection. But we want them to use their own domains, like "mail.domain.com" for connection. So when adding AutoSSL for the Mail Only feature group, and initiate a SSL cerificate, a SSL for "mail.domain.com" is generated, and the mail setup page in client cPanel "Set Up Mail Client for test@domain.com" has changed the server name in "Mail Client Manual Settings" from the hostname to "mail.domain.com".

    Ok, but when now trying to add this account into Microsoft Outlook with IMAPS/SMTP as "mail.domain.com", Outlook complains about error on the certificate. "The server you are connected to is using a security certificate that cannot be verified". When looking at the certificate, it is accessing the hostname and not the entered server name.

    What are we doing wrong?
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,353
    Likes Received:
    147
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Have you tried running autossl on the domain after it's set up and the dns is pointing to the server?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,005
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @itdrift,

    Can you browse to cPanel >> SSL/TLS Status for this account and verify that AutoSSL has issued a signed SSL certificate to the domain and to "mail.domain.tld"?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. itdrift

    itdrift Registered

    Joined:
    May 25, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Portugal
    cPanel Access Level:
    Root Administrator
    SOLVED:
    The SSL was set up using AutoSSL. All prefixes were good/green (mail. / cpanel. etc) except the SSL for the domain itself without prefix. Probably because the main domain was not connected to an IP by an A-record. As this was a test domain, I added IP for the domain itself ("domain.tld"), which was the IP for the cPanel server, refreshed in AutoSSL, and soon the SSL was "green" for all prefixes and the domain itself. I now connected to the email account successfully. When later removed the IP for "domain.tld", and refreshed SSL, all were still working well and it was still possible to connect to the email account using "mail.domain.tld".

    After this I've been able to connect AutoSSL to domains that had prefixes "mail.domain.tld" and "webmail.domain.tld" pointing to the cPanel server, and where "domain.tld", "www.domain.tld" and "*.domain.tld" are not pointing to the cPanel server. So I'm not quite sure what went wrong in the first case. Maybe only some slow DNS updating.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice