Secondary Domain Mail Server SSL not Trusted — CyberPanel - WebHosting Control Panel for OpenLiteSpeed
CyberLoader

Secondary Domain Mail Server SSL not Trusted

The Primary Domain SSL for the hostname, website and mail server has no issue. Outlook trust the SSL for the Primary mail server domain.
I was able to install Let's Encrypt SSL for the secondary domain website and mail server which can be verified when you open the child domain because it show "MAIL.ALLCOVEREDBYAC.COM HAS SSL FROM LET'S ENCRYPT.
Your SSL will expire in 89 days".
However, when you connect the secondary domain to Outlook it show that the SSL was not trusted with the following error:
This CA root certificate is not trusted.
Issued to: www.example.com
Issued by: www.example.com
Valid from: 3/3/2020 to 3/1/2030
Please help me to fix it. Thanks.

Comments

  • All my websites have Cname and A record and encrypted with Let's Encrypt SSL. All websites have no issue. The Primary domain mail server is trusted and no SSL issue.
    The problem is the secondary domain which you can see above that it was encrypted by Let's Encrypt. But when you connect it to MS Outlook it show not trusted and issued to www.example.com instead of allcoveredbyac.com.
  • I am using version 1.9.4 which automatically create a child mail server. The DNS are all okay and as you can see Let's Encrypt SSL was properly issued on the secondary domain mail server.
    "MAIL.ALLCOVEREDBYAC.COM HAS SSL FROM LET'S ENCRYPT.
    Your SSL will expire in 89 days".
    But when connect to Outlook it shows that the SSL was not trusted with the following error:
    This CA root certificate is not trusted.
    Issued to: www.example.com
    Issued by: www.example.com
    Valid from: 3/3/2020 to 3/1/2030
    I compared config of Dovecot of cPanel and CyberPanel. cPanel uses SNI and CyberPanel has none. cPanel has no SSL problem in the mail server of all domains. Is this due to no SNI in CyberPanel?
    Below is the dovecot.conf file SSL part in my CyberPanel account which also shows SSL was installed.
    local_name mail.rizalpalawan.gov.ph {
    ssl_cert = </etc/letsencrypt/live/mail.rizalpalawan.gov.ph/fullchain.pem
    ssl_key = </etc/letsencrypt/live/mail.rizalpalawan.gov.ph/privkey.pem
    }
    local_name mail.panel.rizalpalawan.gov.ph {
    ssl_cert = </etc/letsencrypt/live/mail.panel.rizalpalawan.gov.ph/fullchain.pem
    ssl_key = </etc/letsencrypt/live/mail.panel.rizalpalawan.gov.ph/privkey.pem
    }
    local_name mail.allcoveredbyac.com {
    ssl_cert = </etc/letsencrypt/live/mail.allcoveredbyac.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/mail.allcoveredbyac.com/privkey.pem
    }

    I also noticed in Postfix - main.cf that it use the last domain which I installed the SSL and not the Primary Domain which is my host name. My hostname with SSL is panel.rizalpalwan.gov.ph so that I can encrypt the contyrol panel https://panel.rizalpalawan.gov.ph:8090/ with no issue and my primary domain is rizalpalawan.gov.ph.
    Below is the content in Postfix main.cf
    myhostname = mail.allcoveredbyac.com
    mynetworks = 127.0.0.0/8
    Is this another problem?
  • I mean in cPanel Dovecot there is a SNI file which CyberPanel don't have.
    There is a vmail.ssl.map in postfix and here is the content.
    mail.rizalpalawan.gov.ph /etc/letsencrypt/live/mail.rizalpalawan.gov.ph/privkey.pem /etc/letsencrypt/live/mail.rizalpalawan.gov.ph/fullchain.pem
    mail.panel.rizalpalawan.gov.ph /etc/letsencrypt/live/mail.panel.rizalpalawan.gov.ph/privkey.pem /etc/letsencrypt/live/mail.panel.rizalpalawan.gov.ph/fullchain.pem
    mail.allcoveredbyac.com /etc/letsencrypt/live/mail.allcoveredbyac.com/privkey.pem /etc/letsencrypt/live/mail.allcoveredbyac.com/fullchain.pem
  • In actual, only my primary domain which is mail.rizalpalawan.gov.ph which is valid and trusted. The secondary domain which is mail.allcoveredbyac.com is not valid and trusted.
    The SSL cannot be installed by Outlook because using www.example.com like below:
    This CA root certificate is not trusted.
    Issued to: www.example.com
    Issued by: www.example.com
    Valid from: 3/3/2020 to 3/1/2030
  • I tried to add 2 more domains and only the primary domain has a valid and trusted SSL for mail server. The other 3 domains have successfully installed SSL for the mail server according to CyberPanel but in actual SSL is not valid and using www.example.com instead of their domains.
  • Impossible if using cPanel which also uses Let's Encrypt certificate all domains are trusted and valid in Outlook and other Mail software.
    I suspect the CyberPanel program is not capable of handling multiple SSLs for the mail servers of multiple domains.
  • I already move back all domains to cPanel due to this issue. When I use both CyberPanel and cPanel, all are Grey Cloud except the A and Cname for the website only. Mail Server, control panel, etc. are grey cloud so it use Let's Encrypt SSL.
    I know how to setup DNS in Cloudflare that is why the Primary Domain has no issue on the mail server of CyberPanel and all domains in cPanel.
    I also tried installing the Origin certificate of Cloudflare for the mailserver. Cloudflare SSL was installed according to CyberPanel but still shows www.example.com instead of my domain in Outlook.
    The test shows A+ and Let's Encrypt now because using cPanel.
    https://www.ssllabs.com/ssltest/analyze.html?d=mail.allcoveredbyac.com&hideResults=on
    I will try again using CyberPanel after the Update because I like this Control Panel and no issue for now if use on 1 domain and its subdomains.
  • I don't believe it is Outlook since the Primary Domain using CyberPanel and on All Domains on cPanel are okay. I've been using Cloudflare, Outlook and cPanel on many domains for 5 years and never encountered SSL problem on the mail servers.
  • Finally, I got it.
    I noticed that the last domain you add will have SSL validation error in mail server and will use www.example.com. I was able to validate the SSL for the mail server on 4 domains by installing SSL one by one then to validate the last website I made a dummy.com website (activate SSL) to validate all my website mailservers.
    Note: Issuing SSL on websites and subdomains has no issue and I am using Cloudflare.
    Thanks guys for your help.
  • Type your comment> @AlonaG said:
    > Finally, I got it.
    > I noticed that the last domain you add will have SSL validation error in mail server and will use www.example.com. I was able to validate the SSL for the mail server on 4 domains by installing SSL one by one then to validate the last website I made a dummy.com website (activate SSL) to validate all my website mailservers.
    > Note: Issuing SSL on websites and subdomains has no issue and I am using Cloudflare.
    > Thanks guys for your help.

    I didn't quite understand how you fixed it?

    So you're issueing SSL to foo.com + mail.foo.com + extrasubdomain.foo.com ?
    My issue is, in the log files it ends up doing a "self-signed certificate" instead of giving a proper SSL from let's encrypt. :/
  • I am having this same issue, my mailserver is mail.domain.com

    I have domain2.com, domain3.com, domain4.com, etc...

    Some of which I only use cyberpanel for email, nothing else.

    They all have MX Records to mail.domain.com

    Say I'm trying to sign in to [email protected], no other servers or features are being used just a blank domain in cyberpanel for mail to be hosted on cyberpanel, MX points to mail.domain.com, no A or AAAA records point to the cyberpanel server, it is complaining because it sees a self signed cert for www.example.com instead of mail.domain.com
  • Type your comment> @slimx said:
    >
    > So you're issueing SSL to foo.com + mail.foo.com + extrasubdomain.foo.com ?
    > My issue is, in the log files it ends up doing a "self-signed certificate" instead of giving a proper SSL from let's encrypt. :/

    I have the same issue, primary domain is ok with SSL from let's encrypt, the subdomain instead, even if I ISSUE the cert and cyberpanel says "SSL Issued: my.website.com" always have a self signed certificate.
  • > I have the same issue, primary domain is ok with SSL from let's encrypt, the subdomain instead, even if I ISSUE the cert and cyberpanel says "SSL Issued: my.website.com" always have a self signed certificate.

    Can you reach your subdomain in the browser (http/s)? Do you have a DNS zone scoping the subdomain?
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!