Let's Encrypt is not working in PHP for SMTP mail in Webuzo Panel


#21

So with Comodo Positive SSL I am able to send email in SMTP Mailer WordPress; if, as I did today, I remove Positive SSL and install Let’s Encrypt, as you can see from the screen, I receive an error.
I do not know why and where the issue is. I was thinking that it was a Let’s Encrypt issue…

So I went immediately back to Positive SSL, because if the certificate creates mail issues I start having issues with WordPress, OsTicket, etc.

For now I have more than one year of validity for the Positive SSL, but in future when this certificate expires I will be able to move to the Let’s Encrypt certificate so I can reduce cost… as I am not in business and have no money coming in, it is expensive to pay for the VPS, panel and also SSL :slight_smile: Also, if this issue is solved many users can benefit from this… I am asking where the issue can be, whether it is my VPS control panel Webuzo, which has integrated Let’s Encrypt, or where the issue can be :smiley: Thanks


#22

I believe @Osiris was right to suggest (several times) that the intermediate certificate is missing from the chain. If you used Certbot to obtain your certificate, please be sure to use fullchain.pem, not cert.pem, when configuring servers.

If you used something other than Certbot to obtain the certificate, please be sure that you have configured the intermediate certificate.

This is not a problem with the certificates, but a problem with using the wrong files when configuring the server.


#23

Thank you,
I will forward this to the Softaculous / Webuzo team, as the Let’s Encrypt certificate is installed by the panel.
This will help all users of that panel to solve the issue with Let’s Encrypt. I am just a user of the panel.


#24

Cool, I hope they succeed in fixing it for everybody!


#25

I too am facing the same issue regarding LE certs used for email…

The LE certs that I am using for email are issued via Webuzo. The certs are working fine on my domain but the issue persists for emails.

This is the folder where the files downloaded by the ACME script corresponding to the domain are stored as mentioned by Webuzo support


As mentioned by @schoen in the previous reply, I copied the contents of the fullchain.cer and pasted the content in the 110.compilor.com-cabundle.crt file which is present in the /etc/ssl/cert folder.

Before replacing the content I checked and it seems that 110.compilor.com-cabundle.crt was using the contents of ca.cer.

Can anybody comment on what is going wrong here?


#26

Hi @luffy56 @PeopleInside

The official client is Certbot. Other companies such as Softaculous write their own plugins. The plugins they write are under their control.

For example looking at the webuzo site there is a support email: https://www.softaculous.com/support/

Also looking at the wiki the Plugin Webuzo have written only associates certificates to websites not mail (from what I can gather). http://www.webuzo.com/wiki/Install_SSL_Certificate. You can clarify this with them.

Having a look at their wiki http://www.webuzo.com/wiki/Main_Page there doesn’t seem to be anything about how to use intermediate with Email Server. I would contact them and ask for clarification.

Andrei


#27

Hi,
thank you for your reply. Webuzo is not a plug-in but is a control panel for VPS / Dedicated Server.

Webuzo are currently looking into this issue but it seems they are not able, at the moment, to find where the issue is with email. It seems it is possible to send email by SSH and Thunderbird but not by PHP (WordPress, OsTicket, Live Helper Chat).

Install SSL Certificate is for non-Let’s Encrypt certificates; for Let’s Encrypt there is a dedicated section: http://www.webuzo.com/wiki/Lets_Encrypt

They are working on the issue and asked me to also ask here for help to fix the issue.


#28

hi @PeopleInside

Webuzo is a control panel but the letsencrypt component can be considered a plugin (this is semantics and not worth discussing really)

Can you ask them what mail server they use as this can help with the configuration questions.

Andrei


#29

Hi

@ahaw021 I have clarified with the Webuzo team and it seems that they are able to send Emails via Telnet with exim … but the issue arises when mail is sent using PHP Mail libraries and domain verification is on.

So it seems that the problem is narrowed down to PHP but still they are unable to determine how PHP Certificate verification is failing which is throwing this error mentioned by @PeopleInside

Because if the certificates are not configured correctly they shouldn’t work for the Websites as well


#30

@luffy56

Websites and Mail Servers are run by separate processes. So configuration for a web server in terms of ssl has no impact on the mail server.

Also, did you read up on the links above? The problem is defined pretty clearly.

Andrei


#31

Hi @ahaw021

Thanks for the links, I have already seen them. And I get it that the Mail Server and Web Server are running in separate processes with different config.

But as the above links point out, if your SSL configuration is messed up then and then only the SSL error arises, but as I said before, if the same certificates are loaded by the Webserver correctly then the mail server should be able to use the same.

@PeopleInside have you been able to solve this issue?


#32

No, I am waiting for the Webuzo team, maybe the developers who implemented Let’s Encrypt in the panel, but I also hope someone from the Let’s Encrypt staff can give some help, because this issue is affecting all control panel users.

I still do not understand whether the issue is in Let’s Encrypt or in something set up in Webuzo… For now, from the Let’s Encrypt side they said that the certificate should work, but have they tested? Have they tested on PHP 7.1, Apache? It seems WordPress with the SMTP Mailer plugin, OsTicket, Live Helper Chat… all these apps are unable to send email with the Let’s Encrypt certificate and configuration, but if I replace this certificate with Comodo Positive SSL without changing any configuration, every test passes: everything works… This is why at the start of this topic I asked Let’s Encrypt to implement support for email, not only for websites or Thunderbird (email client) but also to work with SMTP and PHP.

I am unable to fix this issue without the help of Let’s Encrypt and the Webuzo team.
At the moment it seems the Webuzo team also has no idea how to solve this issue… I am really asking whether it is an issue with Let’s Encrypt.


#33

Are you sure it is not an issue with the Let’s Encrypt certificate?
Can the issue be caused by the ACME script, or would it also be present with Certbot?

Has Let’s Encrypt been tested with PHP 7.1, Exim / Dovecot and a configuration for sending email by SMTP for WordPress, OsTicket, Live Helper Chat (all PHP applications)?

This is not an issue with a single PHP script but with all PHP applications, and it is all solved if the Let’s Encrypt certificate is replaced… But I want to understand whether in the future Let’s Encrypt can also support SMTP and PHP, or whether there are some issues to fix on our side to make everything work fine with Let’s Encrypt too. I suppose this community should be the right place to discuss this… and I hope we are near a solution. Any suggestions?


#34

I am really sorry to do this

but did you read the diagnosis several posts above

the one that had the PHP links and the openssl bits

The issue is known and proven

The intermediate LetsEncrypt certificate is not installed on the mail server

It’s no mystery

Andrei


#35

@luffy56 you showed me that you were able to install the intermediate certificate? If so, you should post here (as I have done) the SSL results (quoting sahsanu, post 17):

openssl s_client -connect smtp.gmail.com:465

If the results are right and the issue continues with PHP and Let’s Encrypt even though the SSL results show the intermediate certificate, then it makes sense to continue the discussion here.


#36

@PeopleInside

Here is the output

Screenshot of the Output

@ahaw021 the output I think is correct for the mail server … what do you think?


#37

that should work - how are you planning to test?


#38

Hi

Thanks for the reply but still getting the same error.

I am able to send mails via this command: telnet 107.compilor.com 465, which means my certs are good, is this right? @ahaw021

But sending the mail via PHPMailer still throws the same error

:disappointed_relieved:


#39

@luffy56, that service is using a self-signed certificate, not a Let’s Encrypt certificate.

A certificate for your service does exist

https://crt.sh/?id=134919500

(the most recent of several, actually), but your service is not using the Let’s Encrypt certificate.

Edit: sorry, it seems from reviewing the thread that you are likely already aware of this and are still wondering about the proper server configuration in order to use the Let’s Encrypt certificate.


#40

You can confirm that it’s not the Let’s Encrypt certificate with

openssl s_client -connect 107.compilor.com:465 -servername 107.compilor.com

The certificate that appears at the top is summarized with

subject=/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=107.compilor.com/emailAddress=root@107.compilor.com
issuer=/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=107.compilor.com/emailAddress=root@107.compilor.com

This is a self-signed certificate where the subject and issuer are the same, and neither is Let’s Encrypt.
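
The two conditions diagnosed in this thread (a leaf certificate served without its intermediate, as when cert.pem is configured instead of fullchain.pem, and a self-signed certificate whose subject and issuer match) can be told apart from the "Certificate chain" section of `openssl s_client` output. The following is an added example, not code from any poster, Webuzo or Let's Encrypt; the host mail.example.test and the three sample outputs are constructed.

```shell
# classify_chain reads `openssl s_client` output on stdin and reports what
# the server sent in its "Certificate chain" section.
classify_chain() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        in_chain && /^---/   { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ {               # subject line of certificate N
            n++
            if (n == 1) { subj = $0; sub(/^ *[0-9]+ s:/, "", subj) }
        }
        in_chain && n == 1 && !seen && /^ +i:/ {   # issuer line of the leaf
            iss = $0; sub(/^ +i:/, "", iss); seen = 1
        }
        END {
            if (n == 0)           print "no-certificate"
            else if (subj == iss) print "self-signed"
            else if (n == 1)      print "missing-intermediate"
            else                  print "chain-sent"
        }'
}
# Constructed samples (hypothetical host mail.example.test), not real captures.
sample_self_signed() {
cat <<'EOF'
Certificate chain
 0 s:/C=--/ST=SomeState/O=SomeOrganization/CN=mail.example.test
   i:/C=--/ST=SomeState/O=SomeOrganization/CN=mail.example.test
---
EOF
}
sample_leaf_only() {
cat <<'EOF'
Certificate chain
 0 s:/CN=mail.example.test
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
EOF
}
sample_full_chain() {
cat <<'EOF'
Certificate chain
 0 s:/CN=mail.example.test
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
EOF
}
for s in self_signed leaf_only full_chain; do echo "$s: $(sample_$s | classify_chain)"; done
```

Against a live server, pipe the thread's own command into the function, for example `openssl s_client -connect HOST:465 -servername HOST </dev/null 2>/dev/null | classify_chain`. A result of `chain-sent` only shows that the server sent more than the leaf; it does not by itself prove that a client will verify the chain.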