My domain is: smtp.hatters.org.uk
I ran this command: certbot certificates
It produced this output:
Found the following certs:
Certificate Name: smtp.hatters.org.uk
Domains: smtp.hatters.org.uk imap.hatters.org.uk pop.hatters.org.uk pop3.hatters.org.uk postfix.hatters.org.uk
Expiry Date: 2018-10-28 18:47:04+00:00 (VALID: 70 days)
Certificate Path: /etc/letsencrypt/live/smtp.hatters.org.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/smtp.hatters.org.uk/privkey.pem
My web server is (include version): none (LE standalone)
The operating system my web server runs on is (include version): Ubuntu 16.04.5
My hosting provider, if applicable, is: Jump Networks UK
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
I've been using a standalone cert for my mail server for the past year or more, until I did a reboot for a kernel update yesterday. Since then, people using Gmail as a POP3 client to pick up mail from the server are being timed out.
If they use the login details they used before (smtp.hatters.org.uk using SSL over port 995) they get a message:
Server returned error: "Connection timed out: There may be a problem with the settings you added. Please contact your other email provider to verify the correct server name and port."
And I don't see anything in the logs on the server.
If I try the IP address instead, it shows the message:
Server returned error: "SSL error: ok IP address "185.73.44.60" not found in SANs Valid hostnames: ,imap.hatters.org.uk,pop.hatters.org.uk,pop3.hatters.org.uk,postfix.hatters.org.uk,smtp.hatters.org.uk"
And I see this in the log on the server:
Aug 19 09:15:00 lorina dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=209.85.213.129, lip=185.73.44.60, TLS: Disconnected, session=<7gqcY8VzhYvRVdWB>
If the reboot of the mail server has changed something (it was for a kernel update), I can't tell what. And we've done reboots in the past without problems.
I can also connect OK using Thunderbird to a test account. So has Google changed something? Do I need to add the IP address to the list of hostnames as the error implies? That seems odd.
Does anyone know what's going on here?