Email SSL with Let's Encrypt

One of the things that I thought cPanel implemented really well was Let’s Encrypt. We were ecstatic when we were finally able to implement SSL on email server-wide.

In our setup and evaluation of Interworx, I am finding this not possible unless the customer uses the server hostname for the incoming and outgoing. cPanel's implementation was not a wildcard SSL but rather an SSL for subdomains as well as the main domain individually. Or at least that’s the way I understood it.

Is this going to be something implemented eventually on IW or is this a limitation of Qmail not being able to handle SSL out of the box?

I think having a customer set their IMAP settings to the server instead of their domains is not the best way to set them up. At least in my view. Setting their IMAP servers to their main domain seems to work fine, but again as a general practice of standardization mail.domain is preferred.

Hello–

There is a limitation within Qmail, where it does not support SNI. However, we worked around this last year by implementing Dovecot MSA for ports 587 and 465. As long as the domain has mail.domain.com covered in their SSL certificate, and the Dovecot MSA is enabled (which it is by default on all new installations), customers should be able to set up mail clients to use mail.domain.com. However, it can ONLY be set with port 587. If they are using port 25, the hostname will have to be used, instead.

If you are experiencing issues setting up IMAP using mail.domain.com in a client over port 587, with the Dovecot MSA enabled for that port, and mail.domain.com covered in the domain’s SSL certificate, submit a ticket to support.interworx.com and I can take a look. I will need to know the specific mail client, and all of the exact setup information that the customer is using. As well as access to the server, itself.

Documentation on Dovecot MSA can be found here: How to: Edit Dovecot MSA Settings — InterWorx documentation

Documentation on using the Dovecot MSA for SNI can be found here (however, this should not be needed if it is a new install): How to: Enable SNI for Mail Over Port 587 and 465 — InterWorx documentation

We are converting mail away from Qmail and will be using Exim in the future. That switchover is on the roadmap for 2021, however, it is a very large project, so I do not have an ETA at this time. But once that occurs, SNI should also work over port 25.

Thanks,
-Jenna
Friendly Neighborhood InterWorx Support Manager

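One way to check the setup described in the reply above, as an added example that is not part of the original thread and is not InterWorx code: it opens a STARTTLS session on port 587 using the customer's mail hostname as the SNI name and reports whether the certificate served covers that name. The function names are hypothetical and `mail.example.com` is a placeholder.

```python
import smtplib
import ssl
import sys


def name_covered(hostname, san_dns_names):
    """True if hostname matches a SAN dNSName; a wildcard covers one left-most label only."""
    host = hostname.lower().rstrip(".")
    for san in san_dns_names:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        # "*.example.com" covers mail.example.com, not example.com or a.mail.example.com
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def probe_submission(mail_host, port=587, timeout=10):
    """STARTTLS to mail_host (also sent as the SNI name) and report the certificate served."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    smtp = smtplib.SMTP(mail_host, port, timeout=timeout)
    try:
        smtp.ehlo()
        smtp.starttls(context=ctx)  # smtplib passes mail_host as server_hostname (SNI)
        cert = smtp.sock.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Typical result when the server answers with its own hostname certificate
        return {"host": mail_host, "ok": False, "error": exc.verify_message}
    finally:
        smtp.close()
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"host": mail_host, "ok": name_covered(mail_host, sans), "sans": sans}


if __name__ == "__main__":
    # Placeholder default; pass the customer's real mail hostname as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(probe_submission(target))
```

An `ok: False` result with a hostname-mismatch error means the server did not select the domain's certificate for that SNI name, which is the case to raise with support.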