Cyberpanel Email Issues..

I have a weird one, in my opinion. I'm working on transferring a live email server over to a fresh new Linode since I was having issues with the previous one and also needed a slight downsize. It's all fine and working, but my issue is that the mail server is only receiving mail on altmail.domain.com instead of the mail.domain.com that I would like just to standardize it.

The way that I had transferred everything over was just using a simple backup of the original server and moved it onto the new server for restoration. After that, I deleted all the subdomains that I did not want on this server because I want the new one to serve email only and no websites. While I was setting it up, I made DNS records in CloudFlare for altmail.domain.com to allow myself to have two email servers temporarily while it was being set up, then I could test it by just changing the priorities of the 2 MX records.

But my issue now is that when I went to swap to mail.domain.com in DNS, I get SSL errors on my phone's email client and the Outlook desktop app. Below are the logs I saw in CyberPanel's email log:

Aug 8 17:03:33 localhost dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=[My Phone's IP], lip=[My Server's IP], TLS handshaking: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46, session=<a5lav2wc5vpcvl0g>
Aug 8 17:03:45 localhost dovecot: imap(user@domain.com)<12200><cmhcvmwcb 9cvl0g="">: Disconnected: Logged out in=28 out=559 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

I've tried what I can think of but I'm not sure how I can get around this right now. Yes, I tried to reissue the mail server SSL certificate, but nothing, same issue.

Post writing this: I'm noticing now that both altmail.domain.com and mail.domain.com, so both of them, are failing SSL when connecting via SMTP. I am still able to successfully send and receive emails via snappymail in a browser, but this is not my preferred method.

Any help would be appreciated.

Edit: I found that the issue is involved with the server failing to obtain an SSL cert from Let's Encrypt. Can't figure out why.

[08.08.2023_17-36-56] Status Code: 200 for: http://www.domain.com/.well-known/acme-challenge/domain.com
[08.08.2023_17-37-06] Status Code: 200 for: http://domain.com/.well-known/acme-challenge/domain.com
[08.08.2023_17-37-08] /root/.acme.sh/acme.sh --issue -d domain.com -d www.domain.com --cert-file /etc/letsencrypt/live/ajp.network/cert.pem --key-file /etc/letsencrypt/live/domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/domain.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.08.2023_17-37-09] Failed to obtain SSL for: domain.com and: www.domain.com
[08.08.2023_17-37-09] Trying to obtain SSL for: domain.com
[08.08.2023_17-37-09] /root/.acme.sh/acme.sh --issue -d ajp.network --cert-file /etc/letsencrypt/live/domain.com/cert.pem --key-file /etc/letsencrypt/live/domain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/ajp.network/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[08.08.2023_17-37-10] Failed to obtain SSL, issuing self-signed SSL for: domain.com
[08.08.2023_17-37-10] {'email@domain.com': (550, b'5.1.1 email@domain.com: Recipient address rejected: User unknown in virtual mailbox table')}
[08.08.2023_17-37-11] Self signed SSL issued for domain.com.

2 Replies

I'm reading your post and it looks like you were able to get this resolved when you were finally able to obtain an SSL cert from Let's Encrypt. Would that be accurate?

If that's the case, I'm wondering if this was related to DNS propagation delays after the DNS records were updated. That would explain why it didn't work for a bit and then worked later with no obvious changes on your end.

When it comes to checking DNS issues, I love to use DNS Checker - DNS Check Propagation Tool to see what servers around the world are reporting. I use it to look up specific records, like A/AAAA, MX, or TXT records, and I also use the DNS Lookup tool to see what various resolvers are reporting. When things are working well, all of these will be the same information.

With SSL/TLS records, my two go-to tools are SSL Server Test (Powered by Qualys SSL Labs) for detailed SSL checks or SSL Checker for a quick validation tool.

Hopefully these tools will help if you encounter something like this again.

Hey watrick,

Yes, I did some digging and ran the SSL cert command directly from the shell and I got a response saying that Let's Encrypt had put a limit on my domain temporarily. I waited a few days and my server was eventually able to successfully obtain a valid SSL cert. All good now!
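
The failure chain in this thread (certificate issuance fails, the panel falls back to a self-signed certificate, mail clients abort the handshake with TLS alert 46) can be spotted by correlating the two logs quoted above. This is an added example, not part of the original posts and not CyberPanel's own code; the `diagnose` function, the sample lines and the placeholder hosts and IPs are assumptions.

```python
import re

# TLS alert numbers a client sends when it rejects the server certificate.
CERT_ALERTS = {42: "bad_certificate", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ALERT_RE = re.compile(
    r"dovecot: (\w+)-login: .*?SSL_accept\(\) failed: .*?SSL alert number (\d+)")
FALLBACK_RE = re.compile(r"Failed to obtain SSL, issuing self-signed SSL for: (\S+)")

def diagnose(mail_log, ssl_log):
    """Correlate client certificate rejections with self-signed fallbacks."""
    rejections = {}
    for line in mail_log:
        m = ALERT_RE.search(line)
        if m and int(m.group(2)) in CERT_ALERTS:
            key = (m.group(1), CERT_ALERTS[int(m.group(2))])
            rejections[key] = rejections.get(key, 0) + 1
    fallbacks = set()
    for line in ssl_log:
        m = FALLBACK_RE.search(line)
        if m:
            fallbacks.add(m.group(1))
    if rejections and fallbacks:
        verdict = "clients are rejecting a self-signed fallback certificate"
    elif rejections:
        verdict = "clients reject the certificate; no fallback in the issuance log"
    else:
        verdict = "no certificate rejections logged"
    return {"rejections": rejections, "self_signed_for": sorted(fallbacks),
            "verdict": verdict}

# Constructed sample lines modelled on the two logs quoted in the thread
# (example.com and the documentation-range IPs are placeholders).
MAIL_LOG = [
    "Aug 8 17:03:33 localhost dovecot: imap-login: Disconnected: Connection closed: "
    "SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: "
    "SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=203.0.113.7, "
    "lip=198.51.100.10, TLS handshaking",
    "Aug 8 17:03:45 localhost dovecot: imap(user@example.com)<12200><sess>: "
    "Disconnected: Logged out in=28 out=559",
]
SSL_LOG = [
    "[08.08.2023_17-37-09] Failed to obtain SSL for: example.com and: www.example.com",
    "[08.08.2023_17-37-10] Failed to obtain SSL, issuing self-signed SSL for: example.com",
    "[08.08.2023_17-37-11] Self signed SSL issued for example.com.",
]

if __name__ == "__main__":
    print(diagnose(MAIL_LOG, SSL_LOG))
```

When the verdict points at a fallback certificate, the useful next step is the one taken in this thread: run the issuance command by hand and read the ACME client's error, since the panel log only records that issuance failed.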
