I reached out to my hosting support but they don’t support Let’s Encrypt so I’m reaching out here.
My domain is vphcodes.com. I ran the script in my build of WHM as noted here, https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/
I selected the two domains I have in the manageSSL menu in WHM and it seems that they both have CA signed certs now. My problem is my mail accounts don’t pass the checktls.com test. Here’s a paste of the results, https://paste.pound-python.org/show/OkBOSuyvgFxk2orBJocP/
Specifically line 41 is explaining the host could not be verified, and my inmotionhosting support has done all sorts of things that haven’t solved the problem. Mostly my fault though since they shouldn’t be expected to support 3rd party stuff. They changed my server hostname to mail.vphcodes.com to match my PTR record, but strangely the checktls report still shows that it’s comparing my old server hostname against the cert domain. The MXToolbox is showing my ‘rDNS does not match SMTP banner’ https://mxtoolbox.com/SuperTool.aspx?action=smtp%3Amail.vphcodes.com&run=toolpage#
When I telnet in via telnet vphcodes.com 587 the banner is the old hostname of my server. So it seems like the support team just changed the hostname and nothing else?
I think I found a cPanel thread that could alleviate that but it was involving multiple dedicated IPs, whereas I have one on a VPS (I can request more if need be). I don’t think that’s related to the cert issue though.
Quoting the support guy, ‘Unfortunately the server’s hostname only has an A record on the server, and does not have a document root by design. Because of this fact, the validation method of control that’s used by free certificate programs like auto ssl and letsencrypt do not work, because they used a hashed file that they access through the Internet to validate control. There is no way for them to do this with a server’s hostname because there is no web root.’
I’ve got root on a CentOS Linux release 7.3.1611 with Apache 2.4.25
I’m confident that I can get my server to pass the hostname check, I just need to be pointed in the right direction (step by step would be great too haha). My mail is being sent and received, but on the receiving end it seems like there’s a good chance it lands in spam, probably partially due to the lack of host verification. I plan to have more domains in the future and it would be lovely to have autossl set up the certs for those both web and email automatically. Is it a matter of messing with the exim.conf file?
Thanks in advance guys x.x I’ve been reading docs and trying to figure this out for a couple days.
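
Added example, not part of the original post: a small Python check that separates the two mismatches described above, the SMTP greeting hostname versus the PTR name, and the certificate names versus the mail hostname. The function names are hypothetical, and the old hostname and certificate name list are constructed placeholders because the post does not give them.

```python
import re

def banner_hostname(banner_line):
    """Hostname from an SMTP greeting such as '220-host ESMTP Exim ...'."""
    m = re.match(r"220[ -](\S+)", banner_line.strip())
    return m.group(1).lower().rstrip(".") if m else None

def name_matches(pattern, host):
    """Compare a certificate dNSName with a host name.
    A wildcard is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_mail_identity(mail_host, banner_line, ptr_name, cert_names):
    """Return a list of findings; an empty list means all names agree."""
    findings = []
    greeted = banner_hostname(banner_line)
    ptr = ptr_name.lower().rstrip(".")
    if greeted is None:
        findings.append("banner: no 220 greeting hostname found")
    elif greeted != ptr:
        findings.append(f"banner: greets as {greeted}, rDNS is {ptr}")
    if not any(name_matches(n, mail_host) for n in cert_names):
        findings.append(f"cert: no name covers {mail_host}")
    return findings

# Constructed sample data. OLD_HOST stands in for the previous server
# hostname, which the post does not state; CERT_NAMES is an assumed list.
OLD_HOST = "old-hostname.example.invalid"
BANNER = f"220-{OLD_HOST} ESMTP Exim ready"
CERT_NAMES = ["vphcodes.com", "www.vphcodes.com"]

if __name__ == "__main__":
    for line in check_mail_identity("mail.vphcodes.com", BANNER,
                                    "mail.vphcodes.com.", CERT_NAMES):
        print(line)
```

A banner finding means the mail daemon still greets with a stale name; a cert finding means the certificate presented on the mail port needs a name for the mail host. The two are fixed independently.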