SSL Certificates for Mail Only clients

itdrift

Registered
May 25, 2018
3
1
3
Portugal
cPanel Access Level
Root Administrator
When using cPanel "out of the box", it looks like email clients with "Mail Only" features should use the hostname as server name (IMAPS / SMTP) for SSL connection. But we want them to use their own domains, like "mail.domain.com" for connection. So when adding AutoSSL for the Mail Only feature group, and initiate a SSL cerificate, a SSL for "mail.domain.com" is generated, and the mail setup page in client cPanel "Set Up Mail Client for [email protected]" has changed the server name in "Mail Client Manual Settings" from the hostname to "mail.domain.com".

Ok, but when now trying to add this account into Microsoft Outlook with IMAPS/SMTP as "mail.domain.com", Outlook complains about error on the certificate. "The server you are connected to is using a security certificate that cannot be verified". When looking at the certificate, it is accessing the hostname and not the entered server name.

What are we doing wrong?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello @itdrift,

Can you browse to cPanel >> SSL/TLS Status for this account and verify that AutoSSL has issued a signed SSL certificate to the domain and to "mail.domain.tld"?

Thank you.
 

itdrift

Registered
May 25, 2018
3
1
3
Portugal
cPanel Access Level
Root Administrator
SOLVED:
The SSL was set up using AutoSSL. All prefixes were good/green (mail. / cpanel. etc) except the SSL for the domain itself without prefix. Probably because the main domain was not connected to an IP by an A-record. As this was a test domain, I added IP for the domain itself ("domain.tld"), which was the IP for the cPanel server, refreshed in AutoSSL, and soon the SSL was "green" for all prefixes and the domain itself. I now connected to the email account successfully. When later removed the IP for "domain.tld", and refreshed SSL, all were still working well and it was still possible to connect to the email account using "mail.domain.tld".

After this I've been able to connect AutoSSL to domains that had prefixes "mail.domain.tld" and "webmail.domain.tld" pointing to the cPanel server, and where "domain.tld", "www.domain.tld" and "*.domain.tld" are not pointing to the cPanel server. So I'm not quite sure what went wrong in the first case. Maybe only some slow DNS updating.
 
  • Like
Reactions: cPanelMichael