CyberHosting

TLS/SSL issues

I have tried updating the SSL for mail.stripps.io by both issuing a new Lets Encrypt SSL and by manually pasting in the wildcard SSL I have purchased bu no matter what I do I cannot https://www.checktls.com/TestReceiver to see the new SSL. It is reporting the SSL has expired but when I run a web server SSL test the SSL is fine. I'm obviously missing something! Its like its cached some where but I have restarted dovecot, postfix and the whole server a number of times with no luck.

Help would be appreciated!!!

Comments

  • The mail.stripps.io is the mail child domain?

    Try this in web terminal

    postmap -F hash:/etc/postfix/vmail_ssl.map
    Cyberpanel Managed & Unmanaged Shared & VPS Hosting by Cyberpanel Experts.
    https://www.cyberhosting.org
    You can now earn with the Cyberhosting affiliate scheme. Join today
    https://www.cyberhosting.org/affiliates/
  • The server has mail on mail.qwikz.com and I have a few domains on it - all of which run the same code. The only issue is that when I try to send mail from stripps.io I get the following in the email log:

    Jun 24 06:59:15 mail postfix/smtpd[36294]: connect from mail.qwikz.com[212.71.255.85]
    Jun 24 06:59:15 mail postfix/smtpd[36294]: SSL_accept error from mail.qwikz.com[212.71.255.85]: 0
    Jun 24 06:59:15 mail postfix/smtpd[36294]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1493:SSL alert number 45:
    Jun 24 06:59:15 mail postfix/smtpd[36294]: lost connection after STARTTLS from mail.qwikz.com[212.71.255.85]
    Jun 24 06:59:15 mail postfix/smtpd[36294]: disconnect from mail.qwikz.com[212.71.255.85] ehlo=1 starttls=0/1 commands=1/2

    So I was checking the SSL certs and all was fine, then I thought perhaps its something to do with the stripps.io domain as its the one wanting to send an email. Checking the domain stripps.io in https://www.checktls.com/TestReceiver reports an expired Lets Encrypt SSL but that domain is actually using a paid SSL.

    I ran the command you mentioned and got the following:

    Jun 24 07:14:19 mail postfix/postmap[37253]: warning: /etc/postfix/vmail_ssl.map.db: duplicate entry: "mail.stripps.io"
    Jun 24 07:14:19 mail postfix/postmap[37253]: warning: /etc/postfix/vmail_ssl.map.db: duplicate entry: "mail.stripps.io"
    Jun 24 07:14:19 mail postfix/postmap[37253]: warning: /etc/postfix/vmail_ssl.map.db: duplicate entry: "mail.abc-dev.co.uk"

    Looks like there could be an issue with duplicates like I thought?

    PS thanks for the reply!
  • That now seems to be working actually.
  • I have removed the duplicate lines in the file and re-run the command and no duplicates are now reported. My last question would be why is this using a Lets Encrypt SSL while checking the site SSL returns my paid SSL?

    Thanks again
  • So for my (and others) sake this is what is happening:

    I am updating the SSL on the child domain but the old certificate was still being used.

    After updating the SSL we need to run this command:
    postmap -F hash:/etc/postfix/vmail_ssl.map

    Which then updated the cert used.

    Cheers to hennaboy for his help
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!