search

usmannasir / cyberpanel

Cyber Panel - The hosting control panel for OpenLiteSpeed
GNU General Public License v3.0
1.49k stars 582 forks source link

[BUG] Mail SSL fails every 90day #1119

Open Dreamer41 opened 11 months ago

Dreamer41 commented 11 months ago

I cant connect SMTP I get message below

certificate Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

I have issued successfully new SSL for mailserver and mail domains, and restart postfix. When issue new SSL it show it's successfully issued but the new SSL won't be updated correctly somewhere in the server mail system. When do mail tester it show old certificate even new one is successfully installed. I have fix this issue now over a year every 90 days by running mail debugger but that can't be a permanent solution.

Below log from mail.

Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: connect from mail.website.com[66.22.88.99] Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: SSL_accept error from mail.website.com[66.22.88.99]: -1 Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:…/ssl/record/rec_layer_s3.c:1543:SSL alert number 45: Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: lost connection after STARTTLS from mail.website.com[66.22.88.99] Sep 22 09:47:38 sgserver1 postfix/submission/smtpd[772857]: disconnect from mail.website.com[66.22.88.99] ehlo=1 starttls=0/1 commands=1/2

Operating system: Ubuntu 20.04

CyberPanel version: Latest

Akrobs commented 9 months ago

Same on CentOS.

Bug in postfix, file vmail_ssl.map.db not upadated automatically, after get new LE certificate. At this time, I do it manually

Lvl4Sword commented 7 months ago

@Akrobs Can you elaborate as to why you think this is a postfix bug? I'd love to tackle this.

Akrobs commented 7 months ago

@Lvl4Sword, sorry I described the problem incorrectly. This is not a postfix problem, but a Cyberpanel problem. She doesn't update vmail_ssl.map.db, after the certificate issued. For any domain.

Lvl4Sword commented 7 months ago

@Akrobs Appreciate the update. I've got a little bit of a backlog I'm working on, but this is something I want to take a look at.

vectorcr commented 6 months ago

Are there any updates on the SSL bug? I just did a fresh install and I can't get certs to work on the version I installed. The hostname cert worked fine, but the sites I created are not issuing SSL.

Shinji3rd commented 5 months ago

This continues to happen even with the latest commit

MoeedAther commented 4 months ago

Hello everyone, Can I get assistance here? I have be struggling allot with this problem on Cyber Panel. I have performed Reverse DNS, Mail Certificate and still getting same error.

Error: Connection could not be established with host "ssl://mail.slash.casino:465": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.