Wrong /etc/dovecot/sni.conf generated

rch7

Member
Sep 25, 2017
14
1
3
North America
cPanel Access Level
Root Administrator
Hello,
I have a domain in /etc/dovecot/sni.conf that uses main service cert instead of /var/cpanel/ssl/domain_tls/.. like other domains:
# Main cert for SNI

local_name "domain.com cpanel.domain.com cpcalendars.domain.com cpcontacts.domain.com direct.domain.com mail.domain.com webdisk.domain.com webmail.domain.com www.domain.com" {
ssl_cert = </etc/dovecot/ssl/dovecot.crt
ssl_key = </etc/dovecot/ssl/dovecot.key
}

I have tried to regenerate it with /scripts/build_mail_sni --rebuild_dovecot_sni_conf but it creates the same file.
What is the logic behind it? It breaks POP3/IMAP for domain.com clients as e.g. gmail POP3 fetcher requires SAN to match and main service cert only has hostname.domain.com and not mail.domain.com, unless you override it manually every 3 months.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Hey there! That's odd for sure, as the only entry I'd expect to have the /etc/dovecot/ssl/* entries is the top entry for the hostname. We might need to strace the build_mail_sni command in order to see what is happening here - could you submit a support ticket to our team so we can look into this?