Control Web Panel

WebPanel => E-Mail => Topic started by: Wonder on June 20, 2021, 01:07:18 AM

Title: Transfer server from cPanel, problems with mail-SSL
Post by: Wonder on June 20, 2021, 01:07:18 AM
I know the post is long, but for me it is important.

I have been using CWP for a few months, in principle, on test servers, by the time this day arrives.
Yesterday I started a transfer from cPanel to CWP Pro, this server is no longer testing, it is in production.
All good except the mail ...
The dns are in cloudflare, but both the hostname and the mail field are grayed out, that is, not proxy and they point directly to my VPS.
I create A register with the name "mail" and the ip of my VPS.
In MX Record I indicate: mail.mydomain.com
I ping mail.mydomain.com and it returns the ip of my VPS.
I use Thunderbird, I open it and .... it does not connect, no error but it stays connecting all the time ....
I check SSL, despite enabling LetsTry in mail service, it keeps crashing.
If I try to send an email it tells me that the self-signed server is invalid and shows me the CWP ...
Through the CWP panel I make a change of hostname, I indicate exactly the same as before.
Everything remains the same...
I want to change my mail server in Thunderbird from mail.mydomain.com to server.mydomain.com (which is the hostname), voila, then it works !!
Return to mail.mydomain.com ... stops working ...

The strange thing about all this is that, in cPanel it works, I just change the ip in the cloudflare dns records and it works perfectly through mail.mydomain.com.
(Right now I have the two VPS's, one with cPanel the other with CWP Pro).

The answer would be: Leave the hostname configured.

But no, I need it to work with mail.mydomain.com, I manage the VPS, the web is not mine, and the owners of the web need it to work this way.

Apart from that, I do not understand where the problem is, the SSL generated by Lets is only for the hostname?
I have activated the mail in SSL Admin services and it keeps failing.

Where is the problem? I'm starting to go crazy ... and I need to fix it relatively quickly or else you'll have to follow that site in cPanel ...

The fact is that, in one of the test VPS with CWP if I tried this and if I remember correctly, it worked.

I have read some threads, confirm me if I am not mistaken, CWP does not allow it? Doesn't allow SSL with mail.mydomain.com, only with the hostname?

Thanks and regards.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: studio4host on June 20, 2021, 08:47:13 AM
in the ssl manager you can enable SAN's for SSL like mail....for any domain.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Wonder on June 20, 2021, 11:19:19 AM
Thanks for the reply.
If you referer a Module SSL Certificate in List Installed - Services - Admin Services, yes, I have installed this for mail.
And not work, the ssl generated is only for hostname (in this case: server.mydomain.com) and when configured DNS for point to mail.mydomain.com not work, appears a self signed certificate of/from CWP.

If you referer at other point, thanks if you can indicate to me.

This is my config:

(https://i.ibb.co/bWkHdzv/ssl.jpg) (https://ibb.co/987wYs4)

(https://i.ibb.co/QJtJRzm/ssl2.jpg) (https://ibb.co/x2d20P5)

I view all ok, I don't understand for what reasson not work with mail.mydomain.com...
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: studio4host on June 20, 2021, 05:22:10 PM
you should probably check with your sysadmin or cwp support since that should be checked with exact domain names and in the config of the server.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Wonder on June 20, 2021, 06:53:50 PM
After much reading, I came to the conclusion that email with SSL only works if we indicate the hostname.
Check with the sysadmin ... I'm the sysadmin of this VPS/site.
With CWP support ... what I have commented, after much reading in this forum, only works if we indicate the hostname.
That yes, it does not have any logic.
If I knew that CWP support solves it for me, I pay the support ticket (although I have put the Pro license on this server).
I have been able to do a "botch" to make it work, but I don't like it at all ...
I have a few days to make the decision, transfer from cPanel to CWP or transfer from cPanel to cPanel.
Currently I am in those days that I can do tests, but in a few days it will end where it is currently hosted and on the new host, or CWP or cPanel.
Funny because this, with cPanel does not happen, as I said in the first post, the dns point to Cloudflare, that is where I change the ip for the A records and for the A Mail record.
In CWP I have this problem, configured mail.mydomain.com does not see the certificate, it indicates that it is generated for my hostname (not for mail.mydomain.com) and my hostname is: server.domain.com
Despite the SAN, and as seen in the image, this for MAIL in SAN, it does not work (SSL is created and is only operational with server.mydomain.com).

If I do not get another solution, I will indicate how I "solved" it ...

Greetings.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Starburst on June 24, 2021, 02:09:31 AM
I Agree with studio4host, this is a configuration issue, where you have something setup incorrectly.

Bets thing would be to purchase a support ticket so they can configure it for you, and then you can see how it is done.

Opening new threads isn't going to help.


Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Wonder on June 24, 2021, 02:22:29 PM
In a way I don't agree that opening new threads doesn't help. I have configured many things thanks to threads that exist.

Another thing is that the policy of CWP is that, in the face of a problem of this type, a ticket is opened and not a thread, then, there I have nothing to say because it is the policy of CWP-Studio4Host.

Surprisingly I managed to solve it, as I said at the beginning, I solved it by making a configuration that I did not like at all, I could not say the exact word in English that describes it, I am going to use a translator, so I do not know how it will be: In my language it will be I'd say "botched" but it worked.

Well, I was doing the migration tests, so just before starting the migration I had a snapshot of the VPS, they were tests because the dns in cloudflare still pointed to the old ip (except in the moments of tests that it pointed to the new one) and there I saw that problem ...

Last night, I rolled back the snapshot to make the final transfer / migration ...

Before continuing, I had the snapshot with everything configured but without any migrated accounts. SW. installed from 0, CWP installed from 0 and the necessary settings for php-fpm and php.ini.

Well, my surprise comes when, doing exactly the same as the previous time ... now yes, mail.mydomain.com now works without any problem!
I start to look for the differences, the only one, when I did tests, I renewed the SSL certificate by pressing the renew button now, this time not, as the cPanel certificate had 2 days left, shortly after finishing the migration the system automatically renewed for 90 days, I just had to add SAN for mail and webmail and .... it works! Now it works well.
Yes, between my testing and last night, there was a CWP update but ... I highly doubt it.

Maybe it was that clicking on renew now affects something? I don't think so, but it's the only thing different ...

The rest of the process, identical, first I changed dns in cloudflare pointing to the new server in the mx record and mail.mydomain.com, I saw that everything was going well and .... I already changed the rest of the dns's.

For my part there is no explanation, I do not know if when there is a transfer it is different than if we create an account of 0 in CWP, for example, if I go to Domains-List Domains none appears (and I have two active accounts-domains ), but to think something ...

For the rest, what I mentioned (and this post is long) I did the process exactly the same as the other time, except that I let the certificate renew itself and ... it worked ...

Greetings!
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Starburst on June 25, 2021, 12:13:28 AM
Glad it's working for you now.

Yes, CWP by default, will auto generate a SSL certificate for the site thru Let's Encrypt.
But without the SANS (mail, webmail, ftp)

When you posted in both threads, it sounded like your SSL certificate or DNS wasn't setup correct.

Sometime it's easier for someone to login and see exactly what's going on.
Which is why CWP recommends that.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Wonder on June 25, 2021, 06:58:30 AM
That's right, it works, and I'm happy about it too.

As I mentioned, I made the rollback and left the VPS in the starting state just to start transfer from cPanel (everything else was already configured) I made the transfer and the cPanel certificate had 3 days left.
As I mentioned, the only difference is that, this time, I did not give it to renew, but I did it automatically, when I realized it I added the SAN's .... once everything was configured, the first thing I did was change the MX record and the A "mail" record .... surprise to me that it worked ...
I did not make any other changes, well yes, the first time some change in the CWP dns records (I changed the cname of the mail record for an A record) this time no, but it lacks value when the dns from domain point, in this case , to cloudflare, then the dns are handled from there, and there all I did was change the ip of the old vps to the ip of the new one.

If it is something that I have never touched or do not know or similar, it is not difficult for me to indicate that it access CWP but it was so strange that ... either there was a bug or I had to fix it (I like to see the problem and solve it). Be careful, in a "patch" mode I had fixed it, but it was not the best option nor did I like it, having the possibility of SAN ...

Thanks for your reply.

Regards.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Starburst on June 25, 2021, 07:26:44 AM
When using cloudflare setup is different, they also have data cached for faster responses.

"If it is something that I have never touched or do not know or similar, it is not difficult for me to indicate that it access CWP but it was so strange that ... either there was a bug or I had to fix it (I like to see the problem and solve it). Be careful, in a "patch" mode I had fixed it, but it was not the best option nor did I like it, having the possibility of SAN .."

CWP doesn't have a "patch mode", so I'm confused what you are talking about with that.

Or that you didn't like the possibility of a SAN.
You need the mail SAN so the mail client will not show an error.

That whole statement doesn't make sense.

It sounds like you might want to go back to the end user friendly cPanel or hire an experienced sys admin to handle your VPS in the future.
Title: Re: Transfer server from cPanel, problems with mail-SSL
Post by: Wonder on June 26, 2021, 11:23:13 AM
Yes, I am aware that Cloudflare maintains a cache, so I do not start the tests until I see that it has cached the new IP (with a simple ping you can see it).

About it ... well it is true that I did not explain myself well, I am not native English and my English is not very fluent, as I said, I used a translator and the result is not very good.

On the contrary, SAN must be used, it is not that there was a bug and I put a patch, the explanation is difficult because I cannot find the English word that describes what I wanted to express.

It is not about going back to cPanel or hiring an advanced systems administrator, this is another panel, a sys admin can be very good and not know CWP then ...
In my job I am a sys admin, neither the best nor the worst, I only do my job the best I can.

Here, in any case, it would have been hiring a CWP administrator, but as I mentioned before, I did everything exactly the same and, the first time it did not work, the second it worked perfectly.
Difference? None, the whole process was the same.

What I did the first time that it didn't work, what do I say I didn't like? (I mean I didn't like the kind of solution I did), create a subdomain mail.mydomain.com
With it, then fine.

Now, as I did rollback, I made the transfer and I didn't need it, from the first moment, everything was fine.

Not trying or trying to go back to cPanel or sys admin advanced ...
This problem is like the AutoSSL of cPanel, the difference is the type of support, and I understand it, the price difference is also huge!

Having said all that, I like CWP and I hope to continue for a long time and migrate more servers that I have spread over the wide width of the internet ...