Let's Encrypt SSL certificate, issues with mail clients.

Hi All,
Just wondering if the LE SSL certificate for the server name is/was a good decision as I have imported cPanel accounts and nearly everyone gets the message that the SSL certificate is not trusted. It doesn’t matter if they are Apple devices or Windows based clients. Anyone experience with this or advice?

Nico

You need to make sure that every account, domain you issued a Let’s encrypt certificate, might be possible you transferred SSL files from cpanel. I have no issues with that since I issued a LE ssl per account and it’s GREEN so no warning etc.

Cheers.

Hi

@albahost

Nico was referring to the mail SSL

The simplest way to overcome this as the mail server does not use sni is to set all mx records for domains to use your server FQDN SSL

This then does not cause issues when setting up email on devices

Existent email accounts already setup would need the mail servers used manually changing to correct SSL used for server FQDN and all should then work lovely

You can change the dns template to reflect mx to use - this is for new siteworx accounts created and not existent siteworx accounts already created

Please make sure though that a correct A records exists for the mail server FQDN SSL and that a correct PTR (RDNS) exists and matches mail server FQDN used

Lastly, please remember that resellers have their own dns template so you may want to ensure all reseller account dns template has the correct mx record set

Many thanks

John

Oh, sorry then I misunderstood it, didn’t read the title…

Hi albahost

No need to apologize. Your posts are more than welcome and very helpful to everyone

Many thanks

John

Thanks, I’m still unsure what Nico means with “certificate not trusted” a webmail login or? Since I’ve created valid FQDN on A record and now imported an account from whm cpanel to interworx and tested it I don’t see any warning nor ssl issue…

Hi albahost

Sorry as an example

Mail server FQDN say is sslmydomain.url and has an SSL setup

A siteworx account has an mx record of mail.siteworx.url and has a LE SSL setup on the domain covering mail.siteworx.url

The email client is trying to use the mx record of mail.siteworx.url and checking the SSL against mail.siteworx.co.uk but the mail server is serving sslmydomain.url as its ssl.

The client setup warns of insecure ssl due to no match of ssl

I am not sure if dovecot overcomes this by serving correct ssl for the siteworx account mx record but guess not

I thought CPanel overcame this by a single ssl containing all domain ssl but could be wrong sorry

I hope that explains better

Many thanks

John

Hi John,

For some reason interworx are missing some modification in their dns while creating a domain, I managed to install the ssl with SAN manually by installing certbot and then:

sudo certbot --apache -d domain.com -d mail.domain.com

the -d is to include subdomain-domain and it will ask if you want to force to use https you have the choice to force it or not.
Even the dns “www” was created I get an error from certbot that it doesn’t have a valid DNS for www, so I was forced to remove from -d www.domain.com and include only mail.domain.com and domain.com.
I will investigate in this matter and let you know if I come with another solution.

Cheers.

Hi albahost

Many thanks

Sorry just on my way back but called for a coffee

You can create all subdomain from LE by selecting the records to add. I’ll take a screenshot tomorrow but sorry if I’m not understanding you fully.

So LE would cover www. mail. subdomain. Etc

The issue is the mail server SSL record it serves but a SAN SSL should overcome this and as it’s only mail server, you do not need any other subdomain.

I would email support(at)interworx.com and let them know you can create a SAN SSL to cover all mail.siteworx.url as you may have resolved that

However, it stops in mind somewhere that there is a limit to how far the SAN SSL is searched but could be wrong

Either way kudos to you

Many thanks

John

Hi

@Nico @albahost

Apologies there is sni for dovecot

I have the config files but so far not been able to make it work

I did see the sni tmp file but cannot remember how I activated it

If you look at /etc/dovecot/conf.d

Many thanks

John

Yes it contains the file called: 95-iworx-sni-hosts.conf but normally when you create a host interworx should add automatically the host details with ssl cert directory in there but unfortunately it does contain only main server file, mine is:

local_name server1.albahost.net {
ssl_cert = </home/server1/var/server1.albahost.net/ssl/server1.albahost.net.chain.pem
ssl_key = </home/server1/var/server1.albahost.net/ssl/server1.albahost.net.priv.key
}

So you have to add manually for other domains which it would be like this:

local_name server1.albahost.net {
ssl_cert = </home/server1/var/server1.albahost.net/ssl/server1.albahost.net.chain.pem
ssl_key = </home/server1/var/server1.albahost.net/ssl/server1.albahost.net.priv.key
}
local_name "domain.com mail.domain.com" {
ssl_cert = </home/server1/var/domain.com/ssl/domain.com.chain.pem
ssl_key = </home/server1/var/domain.com/ssl/domain.com.priv.key
}

restart your dovecot and check out.
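A way to check the result after the restart, and to reproduce the mismatch John describes earlier in the thread (added example, not part of any post and not InterWorx code): ask the server which certificate it presents with and without SNI, then list the hostnames a mail client would reject. It assumes an implicit-TLS port such as 993; the SAN lists are constructed from the thread's placeholder names, and the function names are hypothetical.

```python
import socket
import ssl


def served_dns_names(host, port=993, sni=None, timeout=10):
    """Return the DNS SANs of the certificate the server presents.

    sni=None sends no SNI at all, which is how a client without SNI
    support sees the server; sni="mail.domain.com" exercises a Dovecot
    local_name block. The chain is still verified against system CAs.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared below, not by ssl
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a TLD such as "*.url".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def untrusted_names(client_names, served_sans):
    """Hostnames a mail client would warn about for this certificate."""
    return [n for n in client_names
            if not any(name_matches(s, n) for s in served_sans)]


# Constructed SAN lists using the thread's placeholder names.
FQDN_ONLY = ["sslmydomain.url"]                      # server FQDN cert only
WITH_SAN = ["sslmydomain.url", "mail.siteworx.url"]  # SAN cert or SNI block
CLIENTS = ["sslmydomain.url", "mail.siteworx.url"]   # names set in clients

if __name__ == "__main__":
    print(untrusted_names(CLIENTS, FQDN_ONLY))
    print(untrusted_names(CLIENTS, WITH_SAN))
```

On a live server, compare `served_dns_names(host, 993, sni=None)` with `served_dns_names(host, 993, sni="mail.domain.com")`: if both return only the server FQDN, the `local_name` block is not being applied.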

Hi @d2d4j @AlbaHost

I am sorry for my silence as I am struggling with the cPanel Import, it’s a mountain of errors and issues. I am prioritising at the moment.
All Softaculous information is not transferred, so customers’ installations are missing…
User can’t login to Siteworx as it gives weird form error…
Passwords from cPanel mailboxes are not accepted, seems to do with % ^ & characters used… and so on.
Roundcube contacts list missing and so on.
Kind regards,
Nico

P.S. does this mean the users will be able to use their own domain name to send / receive email instead of the server name?

Hi

@AlbaHost - will test in test server tonight to see if ours does the same

Sni is only on dovecot and not sendmail - so only half of email (pop imap)

@Nico - sorry to hear you still have issues importing

I would advise opening a support ticket with IW and let them have a look to see what’s what. Please do this from nodeworx, remote support

I would also ssh into server and run as root or sudo service iworx restart

If this does not resolve issue with siteworx login - could you post a screenshot showing error

Many thanks

John

Hi

@Nico - sorry no

This is because the smtp is not sni

So best to keep using server mail FQDN for the moment

Many thanks

John

@Nico Even if this would be possible I would not recommend it, due for spam etc. I’m surprised that interworx tech/support is non exist in this forum, except a mod John…

Hi

@albahost

IW tech/support do not often post on forums but do keep watching forums.

I don’t mind helping/mod on forums as it leaves IW to get on with business

I often also forward threads which are important and where posters have issues, request they open a support ticket directly by nodeworx remote support so they could see what’s going on/wrong

I will check our test server when I’m back but maybe tomorrow as I still have 160 miles still to go

Many thanks

John

Hi John,

I do really appreciate your help and support, but there are something that we don’t know better than the one who created this software. And because due for the lack of support here, this place including this software makes really shady. Even centos webpanel have more members and support which is so young in marketplace instead of interworx… Believe me or not, sometimes I think that using this software, feels that we are in our own.

Hi albahost

Many thanks

I hear what you’re saying but the forums are followed by forum users who are very knowledgeable and also IW

Mostly, IW just works lovely so the forums tend to be quieter

CPanel import, I can’t really test as I do not have any CPanel to import but IW take it seriously and as I understand, CPanel changes so the import needs changing.

If you have any doubt over IW Support, then next time you have an issue, open a support ticket with IW and you will see support is available.

Please remember IW are in USA so time difference needs allowing for.

Many thanks

John

Hi Albahost–

I totally understand your concern as to the lack of our presence on the forum and it is something that we are aware we all need to put a better effort into. However, InterWorx is a really small company–we are literally, right now, four people (three devs and me as support/billing/sales,etc). So, unfortunately, between development and support needs, the forum ends up falling through the cracks. :frown: That is why we are so, so thankful for John for being the absolute best and volunteering as admin because he can then direct us to the tickets (like this one! :smile:) where direct response is required.

If you are experiencing issues or have questions, though, and want direct input from one of us, we really recommend submitting a ticket to the helpdesk: https://support.interworx.com/index.php?_m=tickets&_a=submit

Our support hours are M-F 7:30am - 3:30pm, EST, however, for tickets that are submitted a high or urgent priority after hours, we get notifications to our phones. If it is before midnight, EST, 99% of the time, someone (usually me :smile:) will be able to respond within the hour. After midnight, the message usually wakes me up, but sometimes I do not get to it until morning.

There are some internal changes that are in the works right now, and we will be expanding a bit, so that will hopefully allow more time for us to be more active on here.

Hopefully this helps a bit to alleviate some concerns.

-Jenna

Hey Jenna,

Thank you for your response, I actually was not concerned about support tickets because as per my experience you are very fast over the ticket response, my main concern is here on the forum and wiki/docs etc. I really love this software and want that more and more users will use it. But as because I stated in my previous post due for the lack of support here, and too little wiki/docs it makes this beautiful software shady. I really wish that you grow more and more, and that’s why I invited you to lowendtalk because each ISP,software devs/support etc are in there. In this way did directadmin grow a lot. But it seems that your CEO doesn’t even want to grow it… Now I understand why are here lack of support/wiki/docs because with 4 employees working hard it will not give the time to help/listen our requests here over the forum.
Anyway, thank you for taking the time to respond to this forum. Do you have any ETA for the issue with import from cPanel to interworx that is limited to the usernames no more than 8 characters and to support migration the whole user directory i.e /home/user/* instead of /home/user/public_html/*? Because we are still waiting for this issue to be fixed so that we can move to interworx from whm cpanel.

Cheers.