cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Not working right in cPanel email

I use cPanel email as well as a website and had to renew my SSL certificate (3rd party) back in January.  When I first installed it everything was working just fine email and my website with the new certificate dates being displayed.  Yesterday suddenly I can no longer send emails.  I figured out that it is because the previously expired certificate is being reported to my email client even though its been deleted from cPanel.  I tried to call GoDaddy support and just get the run around with the blame being placed on whoever issued the certificate.  This is clearly not what is going on and something is not right on the cPanel / GoDaddy server side.  The certificate is correct for my website itself but not for my email login which is displaying an old certificate (they are both the same domain name).  First, why is this happening all of the sudden after everything used to work?  Second, why is it even happening at all.  If the certificate is updated for the website, shouldn't it also be updated when accessing cPanel email with ssl?  Additionally, why is it finding a valid certificate for incoming mail SSL but not for outgoing?  I don't understand what is going on.

1 ACCEPTED SOLUTION
Resolver III

It looks like you installed your new certificate only for some of the applications. You may have noticed that when you set up your email client, there are separate instructions for incoming email (IMAP / POP3) and outgoing (SMTP). The reason is that email sending and receiving is provided by different applications. Your website will then be managed by your web server and cPanel can have its own access.

 

Even though all those applications are on the same domain and you really need only one certificate as they can share it, each application uses different port(s) and each of them has its own configuration that needs to be updated with a new certificate.

 

What probably happened yesterday was that your old certificate had expired and applications using it stopped working.

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

View solution in original post

12 REPLIES 12
Resolver III

It looks like you installed your new certificate only for some of the applications. You may have noticed that when you set up your email client, there are separate instructions for incoming email (IMAP / POP3) and outgoing (SMTP). The reason is that email sending and receiving is provided by different applications. Your website will then be managed by your web server and cPanel can have its own access.

 

Even though all those applications are on the same domain and you really need only one certificate as they can share it, each application uses different port(s) and each of them has its own configuration that needs to be updated with a new certificate.

 

What probably happened yesterday was that your old certificate had expired and applications using it stopped working.

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net

View solution in original post

Well the old certificate expired two weeks ago and it was working fine until yesterday.

It's possible that you are correct about the certificate not being used for the particular port however there is only one place to in cPanel to set up a certificate and there isn't anything poet specific about it. The problem is not on the email client side because I can install a different client and it has the same issue. So how do I make this certificate attach to my ssl port for email?

I believe the only additional step is to enable "SNI for mail services", which is somewhere at the bottom of the certificate installation page. That should add SSL, and the new certificate to email services.

There is no such option that I can find in cpanel

it is well hidden, possibly only visible when you install a new certificate .... not directly a godaddy manual - but have a look at step 7. 

 

https://www.interserver.net/tips/kb/install-ssl-certificate-cpanel/

 

 

I don't have this option when I do the installation.  There is no check box.

I've talked to them on the phone now and they don't even know what SNI for mail services is.  Go figure.

right ....

 

it looks like it has to be done by selecting subdomains -> you need a certificate that covers all relevant ones.

 

here's an older question: 

https://uk.godaddy.com/community/cPanel-Hosting/SSL-not-being-configured-for-cpanel-email-calendar-e...

I shouldn't need to cover subdomains because the cpanel email uses my regular domain and not a subdomain.

What I also don't understand also is why it was working fine until yesterday even though the certificate that it is pulling expired on Feb 9th.  If a certificate is expired, it's expired.

According to the SSL certificate issuer the certificate should automatically be updating that port upon installation but it is not doing so because they get the same error when they try.  They walked me through a re-installation and tested the port implementation and their answer is "we will not be able to assist you as the issue is not in the SSL certificate installation, but rather in cPanel not working correctly"  and that I should "explain to GoDaddy that it is not the issue with the SSL certificate but more in their cPanel account not working as expected"  Godaddy is no help.

So the solution is to not use GoDaddy.  Migrated over to a new hosting provider, installed the certificate in the same manner and poof works like a charm.