Question

Cyberpanel smtp error SSL expired - With Solution

Posted June 6, 2021 83 views
Ubuntu 20.04

DigitalOcean - Problems with cyberpanel SSL certificate expired for use with SMTP after renew using let’s encrypt. You can’t send emails using an SMTP server.

Cyberpanel version 2.1 - Ubuntu 20.04

1) Step 1 - Check if your droplet is with this problem:

=======================================================

openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com

Example:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mail.yourdomain.com
verify error:num=10:certificate has expired
notAfter=May 18 18:33:25 2021 GMT
verify return:1
depth=0 CN = mail.yourdomain.com
notAfter=May 18 18:33:25 2021 GMT
verify return:1
---
Certificate chain
0 s:CN = mail.yourdomain.com
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
......

......
Start Time: 1622929789
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK

You need to go step 2:

***************
SOLUTION!
***************

Step 2: Run these commands:

===========================

postmap -F hash:/etc/postfix/vmail_ssl.map
systemctl restart dovecot.service
systemctl restart postfix

Bingo!

Your mail server will work fine!

Step 3 - Check if your droplet is working fine:

===============================================

openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com

Example:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mail.yourdomain.com
verify return:1
---
Certificate chain
0 s:CN = mail.yourdomain.com
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
.....

.....
Start Time: 1622949041
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
edited by bobbyiliev

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

Thank you for sharing this solution with the community here!

Regards,
Bobby