cyberpanel icon indicating copy to clipboard operation
cyberpanel copied to clipboard

Published 20 hours ago verified publisher icon usmannasir

[BUG] Mail SSL fails every 90day

Open Dreamer41 opened this issue 1 year ago • 7 comments

I cant connect SMTP I get message below

certificate Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

I have issued successfully new SSL for mailserver and mail domains, and restart postfix. When issue new SSL it show it's successfully issued but the new SSL won't be updated correctly somewhere in the server mail system. When do mail tester it show old certificate even new one is successfully installed. I have fix this issue now over a year every 90 days by running mail debugger but that can't be a permanent solution.

Below log from mail.

Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: connect from mail.website.com[66.22.88.99] Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: SSL_accept error from mail.website.com[66.22.88.99]: -1 Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:…/ssl/record/rec_layer_s3.c:1543:SSL alert number 45: Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: lost connection after STARTTLS from mail.website.com[66.22.88.99] Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: disconnect from mail.website.com[66.22.88.99] ehlo=1 starttls=0/1 commands=1/2

Operating system: Ubuntu 20.04

CyberPanel version: Latest

Dreamer41 avatar Aug 23 '23 09:08 Dreamer41

Same on CentOS.

Bug in postfix, file vmail_ssl.map.db not upadated automatically, after get new LE certificate. At this time, I do it manually

Akrobs avatar Oct 10 '23 18:10 Akrobs

@Akrobs Can you elaborate as to why you think this is a postfix bug? I'd love to tackle this.

Lvl4Sword avatar Dec 05 '23 23:12 Lvl4Sword

@Lvl4Sword, sorry I described the problem incorrectly. This is not a postfix problem, but a Cyberpanel problem. She doesn't update vmail_ssl.map.db, after the certificate issued. For any domain.

Akrobs avatar Dec 10 '23 23:12 Akrobs

@Akrobs Appreciate the update. I've got a little bit of a backlog I'm working on, but this is something I want to take a look at.

Lvl4Sword avatar Dec 11 '23 01:12 Lvl4Sword

Are there any updates on the SSL bug? I just did a fresh install and I can't get certs to work on the version I installed. The hostname cert worked fine, but the sites I created are not issuing SSL.

vectorcr avatar Jan 04 '24 12:01 vectorcr

This continues to happen even with the latest commit

Shinji3rd avatar Feb 11 '24 18:02 Shinji3rd

Hello everyone, Can I get assistance here? I have be struggling allot with this problem on Cyber Panel. I have performed Reverse DNS, Mail Certificate and still getting same error.

Error: Connection could not be established with host "ssl://mail.slash.casino:465": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.

MoeedAther avatar Mar 01 '24 05:03 MoeedAther