Solved AutoSSL causing error "the principal name is invalid" error.

Richard G

Richard G

Verified User
Joined
Jul 6, 2008
Messages
13,524
Location
Maastricht
I had an issue with enabling autoSSL in this topic:

Notice Autossl not enabled, while enabled on old accounts and best match option missing

On my servers the autossl was not enabled due to one of the options not having been automatically set to 1 during the update, so I enabled it manually. After that, autossl should work but most of our user still like the enhanced skin better (me too) and there it says: "Automatic SSL not...
forum.directadmin.com forum.directadmin.com
That fixed the enabling of autossl, but created a new problem.

After changing to AutoSSL on the domain I will get the error: "the target principal name is invalid".
I have seen that after changing the setting to autossl, DA created a new certificate so I thought things were good.

When looking at the certificate it seems valid, but still Outlook keeps giving this error notice.

So I changed back to the Letsencrypt choice and now the issue is gone. (you have to close and open Outlook again too).

How can this be fixed that if changed to autossl, it will not throw this error when a customer changes to autossl?
 
No it's not that. Server and hostname etc. is not changed, it's pure when user changes the setting to autossl. So no hostname or mailserver banner changes are applied.
 
Is after that change a good Certificate for Letsencrypt on that mx record so for the mail.domain.url ?

( default setting in DA is often only non www and www for domain where i had problems to sometimes not on al of them)

Banner and outbound are on hostname. though
 
It's only after change the normal Letsencrypt to AutoSSL. Read my other topic, there I explained on how to do that. :)
 
I found the cause and it's a reproducable bug.

If you change in enhanced skin as a user to autossl, then you get some notice, seems al things would be fine.

However, when doing this change, the domain.nl.conf is deleted automatically from /etc/dovecot/conf/sni causing the "the principal name is invalid" due to the missing config file in this directory.

The certificate is not re-created and also is gone from the system. Because yesterday I have waited a day and nothing happened.
Under "Sni host" it says "no available data". Next retry says 17:35 hours, but it's already 17:38 so something is surely going wrong there. Old certificate is not being used, no new is created either.

So both certificate -and- conf are deleted causing an issue.
 
Last edited:
Well... seems my certificate is suddenly back, so existing again.

For some reason, on the other account used, autosssl did not create a new certificate and new sni domain.nl.conf file, even after a night, causing the issue I had.
I now tried with another older account, and happened as described before.

However this time autossl seemed to have seen the change and replaced the certificate and also created the sni conf again after some minutes.

Now hope that it stays this way and that it will not be removed again.
 
Last edited:
You must log in or register to reply here.
Back
Top