Question

Cyberpanel smtp error SSL expired - With Solution

DigitalOcean - Problems with cyberpanel SSL certificate expired for use with SMTP after renew using let’s encrypt. You can’t send emails using an SMTP server.

Cyberpanel version 2.1 - Ubuntu 20.04

1) Step 1 - Check if your droplet is with this problem:

=======================================================

openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com

Example:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mail.yourdomain.com
verify error:num=10:certificate has expired
notAfter=May 18 18:33:25 2021 GMT
verify return:1
depth=0 CN = mail.yourdomain.com
notAfter=May 18 18:33:25 2021 GMT
verify return:1
---
Certificate chain
0 s:CN = mail.yourdomain.com
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
......

......
Start Time: 1622929789
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK

You need to go step 2:

***************
SOLUTION!
***************

Step 2: Run these commands:

===========================

postmap -F hash:/etc/postfix/vmail_ssl.map
systemctl restart dovecot.service
systemctl restart postfix

Bingo!

Your mail server will work fine!

Step 3 - Check if your droplet is working fine:

===============================================

openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com

Example:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mail.yourdomain.com
verify return:1
---
Certificate chain
0 s:CN = mail.yourdomain.com
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
.....

.....
Start Time: 1622949041
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Oh my. This gave me so much headache. I really appreciate the help. Now I need to bookmark this as this issue seems to crop up on every SSL certificate renewal.

Thank you very much. I wasted a lot of time search for solution to this problem. I am really grateful.

Hi there,

Thank you for sharing this solution with the community here!

Regards, Bobby