For those of you dealing with SSL mail issues (specifically with certificates), this might help you.
My Issue
I use Gmail to send emails via an email account hosted on my Ubuntu server. However, in order to do this securely, you must have an SSL mail certificate on your server. I used aaPanel to do this, and in the past it worked fine.
But then it stopped working. When I investigated, I discovered that Gmail was not seeing the correct SSL mail certificate. Even though I used aaPanel to set this correctly, it wasn't showing the correct SSL.
I verified this by running this command:
openssl s_client -starttls smtp -showcerts -connect domain.com:587
It kept showing me incorrect (old) certificate information.
The Problem
What I discovered after doing a lot of investigation is that aaPanel only allows for one mail certificate per server. Although it allows you to set multiple SSL mail certificates for various hosted domains, only one can be used at a time.
What I found is that aaPanel puts the server's SSL mail certificate in this directory:
/www/server/panel/plugin/mail_sys/cert/
Although you'll see subdirectories for the various domains that you created an SSL mail certificate for, the only one that is referenced by outside sources (i.e. Gmail) is the certificate in that "cert" folder. You should see two files in there:
- fullchain.pem
- privkey.pem
In my case, those certificates were not only expired but also not the correct ones.
The Solution
It's pretty simple.
Delete (or back up) the fullchain.pem and privkey.pem files in the "cert" directory, and replace them with the same-named files from the subdirectory for the domain you want to use as the secure email domain for the mail server.
For example, let's say you created SSL mail certificates for two domains in aaPanel (domain1.com and domain2.com). And you want the mail certificate for the entire server to be associated with domain1.com.
Simply copy the fullchain.pem and privkey.pem files from the domain1.com subfolder into the "/www/server/panel/plugin/mail_sys/cert/" directory. And that should do it.
For me, once I did this, I was able to successfully set / verify SMTP Server, Username and Password details for the email address in Gmail so that I can securely send emails via Gmail via port 587.
I hope this post helps others with their issues. And I hope the aaPanel team will address the issue and get it fixed up.
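The copy step described in this post, written as a shell function that first checks that the new certificate is not expired and that privkey.pem belongs to it, so a bad pair never replaces the live one. This is an added example, not aaPanel's code or the author's; the function names and the ".bak-" backup directory are choices made here, and it assumes the per-domain subdirectories sit directly under the "cert" directory as the post describes.

```shell
#!/bin/sh
# Added example (not aaPanel code). CERT_DIR is the path given in the post.
CERT_DIR="${CERT_DIR:-/www/server/panel/plugin/mail_sys/cert}"

# check_pair DIR: succeed only if DIR/fullchain.pem is unexpired and
# DIR/privkey.pem is the private key for the first certificate in it.
check_pair() {
    dir=$1
    [ -r "$dir/fullchain.pem" ] && [ -r "$dir/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $dir" >&2; return 1; }
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$dir/fullchain.pem" -noout -checkend 0 >/dev/null || {
        echo "certificate in $dir is expired" >&2; return 1; }
    # The public key inside the certificate must equal the one derived
    # from the private key, otherwise the TLS handshake will fail.
    cert_pub=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "privkey.pem does not match fullchain.pem in $dir" >&2; return 1; }
}

# promote_cert DOMAIN: back up the current server-wide pair, then copy the
# DOMAIN pair into CERT_DIR. Nothing is touched if the new pair fails checks.
promote_cert() {
    src="$CERT_DIR/$1"
    check_pair "$src" || return 1
    # Hypothetical backup location; mode 700 because it holds a private key.
    backup="$CERT_DIR/.bak-$(date +%Y%m%d%H%M%S)"
    mkdir -m 700 "$backup" || return 1
    for f in fullchain.pem privkey.pem; do
        [ ! -e "$CERT_DIR/$f" ] || cp -p "$CERT_DIR/$f" "$backup/$f" || return 1
    done
    # cp -p keeps the mode and ownership the panel gave the source files.
    cp -p "$src/fullchain.pem" "$src/privkey.pem" "$CERT_DIR/" || return 1
    echo "installed pair for $1; previous files saved in $backup"
}
```

Source the file as root and run `promote_cert domain1.com`, then repeat the `openssl s_client` command from the post to confirm which certificate the server now presents.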