SSL not working for Dovecot 993 – Let us fix this

SSL not working for Dovecot 993 means, the Dovecot SNI configuration hasn’t been updated with the path to the new certificate file.

As part of our Server Management Services, we assist our customers with several SSL queries.

Today, let us see how we can fix this error.

SSL not working for Dovecot 993

Suppose, we run the following command for the DOMAIN and also ports 443, 465, and 993 separately:

read -p "Domain && Port: " HOSTNAME PORT ;echo Q|openssl s_client -connect $HOSTNAME:$PORT -servername $HOSTNAME -showcerts

We will see that the new certificate is showing for port 443 (Apache) and 265 (Exim), but not for 993 (Dovecot/IMAP).

Alternatively, we can confirm the same by running the following command:

grep -Ei "$DOMAIN" /etc/dovecot/sni.conf

Here, the output will return no result.

What this means is that the Dovecot SNI configuration hasn’t been updated with the path to the new certificate file.

Most often, we see this happen when there are no email accounts under the domain in question.

If there is no email account associated with that domain then it will not update Dovecot’s SNI configuration.

Moving ahead, let us see how our Support Techs fix this error for our customers.

• Create a new email account

In order to create a new email account, we perform the following steps:

1. Initially, we enter a new email address in the Username text box.

Now, we need to be careful of a few things. They are:

a) We cannot enter Cpanel as an account name when we create an email account.

b) Once we create it, we cannot rename an email account or change its address.

However, with cPanel’s Forwarders interface, we can create a new address that forwards all mail to the existing account.

2. After that, we use the Domain menu to select the domain on which we want to create the email account.

3. In the Password section, we select, Set password now. Here, we need to enter a secure password.

In addition, we have the following actions:

a) We can click Generate to let the system create a secure password and reveal it.

b) Click the more icon to select password complexity settings. So that, the system can use these settings when it generates a new password.

c) Select Send log-in link to the alternate email address and enter an email address. The system will send a password creation link to this address.

However, this setting is available only if the hosting provider enables it.

4. Once done, we select the ‘Stay on this page after I click Create checkbox’ to create another email account.

5. Eventually, we click Create to create the account and return to the Email Accounts interface.

To cancel, we can click Go Back and return to the Email Accounts interface.

Once we complete these steps, to force-update Dovecot’s SNI configuration, we run:

whmapi1 rebuild_mail_sni_config reload_dovecot=1

[Stuck in between? We can help you out]

Conclusion

To conclude, we saw how our Support Techs fix the SSL issue for our customers.