Thread: exim_sni not renewing Let's Encrypt for mail.domain.com

  1. #1
    Join Date
    Mar 2009
    Posts
    124

    exim_sni not renewing Let's Encrypt for mail.domain.com

    We have an issue with autorenewing SSL certificates for exim_sni for (I believe) all domains.

    I have followed the instructions for setting this up:

    https://directadmin.com/features.php?id=2019

    The domain and subdomain (domain.com and mail.domain.com) are visible in /etc/virtual/snidomains.

    Problem is, the cert in /usr/local/directadmin/data/users/username/domains/domain.com.cert.combined is NOT updated automatically after Let's Encrypt renews.
    If I go to user level and "Save" it again, then the system rewrites the file above. On Let's Encrypt autorenew it does not.

    What could be the issue?

  2. #2
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,583
    So you're sure you don't have the "exim_sni" setting anymore in directadmin.conf? If yes, change it.

    If not, when the certificate is not updated there should be a notice with an error in the domains system messages section. What does it say?
    Greetings, Richard.

  3. #3
    Join Date
    Mar 2009
    Posts
    124
    Originally posted by Richard G:
    > So you're sure you don't have the "exim_sni" setting anymore in directadmin.conf? If yes, change it.
    >
    > If not, when the certificate is not updated there should be a notice with an error in the domains system messages section. What does it say?

    There is only enable_ssl_sni=1 and mail_sni=1 in directadmin.conf.

    Funny thing is the LE SSL does update and renew, it just doesn't renew in the file I mentioned that keeps the mailserver cert renewed.
    No messages there.

  4. #4
    Join Date
    Mar 2009
    Posts
    124
    Any solution on this?

  5. #5
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,569
    Restart exim/dovecot and check again. If certs were renewed, but you see warnings in SMTP/POP/IMAP, you need to restart the services to let them load the updated certs.

  6. #6
    Without knowing specifics, it's tricky to debug, but I have seen issues where the hostname matches a User domain, which causes headaches, as if it's the hostname, the script won't look at the User LetsEncrypt settings.
    Beyond that, aside from guessing, I'd recommend creating a ticket, and include all names, hostname values, etc., so it's easier to track down the cause.

    You could always manually test the renewal checks for a given domain to see what the dataskq is up to, e.g.:
    Code:
    echo "action=rewrite&value=mail_sni&domain=domain.com" >> /usr/local/directadmin/data/task.queue
    John
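
Added example, not part of the thread and not DirectAdmin's own tooling: a Python check that compares the renewed certificate, the leaf in the `.cert.combined` file, and the certificate the mail service actually presents for the SNI name, to tell a file that was never rewritten apart from a service that was never restarted. It assumes the leaf certificate comes first in the combined file and that the service accepts TLS on connect (port 465 here is an assumption); the function names are hypothetical and the sample certificates are constructed placeholders.

```python
import hashlib
import re
import socket
import ssl

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM bundle.
    Assumption: the leaf certificate comes first in the combined file."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()

def served_fingerprint(host, sni_name, port=465, timeout=10):
    """SHA-256 of the certificate a TLS-on-connect service presents for sni_name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: the certificate is compared,
    ctx.verify_mode = ssl.CERT_NONE  # the connection itself is not trusted
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def diagnose(renewed_fp, combined_fp, served_fp):
    """Say which stage still holds the old certificate."""
    if combined_fp != renewed_fp:
        return "combined file stale: rewrite did not run after renewal"
    if served_fp != renewed_fp:
        return "service stale: file is current, exim/dovecot not restarted"
    return "in sync"

if __name__ == "__main__":
    # Constructed stand-ins for certificates (arbitrary bytes, PEM-wrapped).
    old = ssl.DER_cert_to_PEM_cert(b"constructed old leaf")
    new = ssl.DER_cert_to_PEM_cert(b"constructed new leaf")
    chain = ssl.DER_cert_to_PEM_cert(b"constructed CA")
    # On a server: read the renewed cert and the .cert.combined file, and use
    # served_fingerprint("127.0.0.1", "mail.domain.com") for the third value.
    print(diagnose(leaf_fingerprint(new), leaf_fingerprint(old + chain),
                   leaf_fingerprint(old + chain)))
```
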
