This has only happened so far on one of many Hestia servers I’m looking after, but I thought I’d mention it here in case it was a wider problem. And SSL certs go in 2 or 3 month cycles, so it could be the first server in a wave of them … anyway.
panel.domain.com is the domain name assigned as the system host. It is assigned to a webserver (http/https), hestia install (port 8083), and mail server (dovecot and exim).
The certificate was expiring on Jan 10th, so Let's Encrypt renewed it as expected for the web domain around Dec 10th. However, it didn’t update the certificate for Hestia, or the mail subsystems, so those expired this week and clients started complaining about their mail not working.
It wasn’t hard to fix. I ran:
v-change-sys-hostname panel.domain.com (not sure if this one was necessary)
and all was good again. But it shouldn’t really have happened. Any ideas what was the cause? Is this just a weird one-off? Or is it a bug? I guess my questions will be answered if others start to experience it. But I just thought I’d post here to warn of a potential problem.
I run a script to check various SSL certs for webservers, so that reported no problems, and I didn’t pick it up until too late. I might now look at including some checks for mail server SSL certs too.
This was the magic command to test it in case anyone needs it.
openssl s_client -servername panel.domain.com -connect panel.domain.com:993 | openssl x509 -noout -dates
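An added example, not part of the original post: it extends the one-port test above to every TLS service that shares the host certificate and flags any port still serving a different certificate than the web server, which is the situation described here. The port list, the 21-day threshold and the function names are assumptions; adjust them to the services actually running.

```shell
#!/bin/sh
# Added example, not from the original post. Usage: sh check-host-certs.sh panel.domain.com
WARN_DAYS=21                      # assumption: alert threshold in days
PORTS="443 8083 993 465 587"      # assumption: web, Hestia panel, IMAPS, SMTPS, submission

# s_client option needed on ports that start in plaintext (empty for implicit TLS).
starttls_opt() {
  case "$1" in
    25|587) echo "-starttls smtp" ;;
    143)    echo "-starttls imap" ;;
    110)    echo "-starttls pop3" ;;
  esac
}

# Print the leaf certificate (PEM) served on host:port, or nothing on failure.
fetch_cert() {
  openssl s_client -servername "$1" -connect "$1:$2" $(starttls_opt "$2") \
    </dev/null 2>/dev/null | openssl x509 2>/dev/null
}

# Read "port fingerprint" lines on stdin and print the ports whose certificate
# differs from the one on the reference port ($1), i.e. daemons left on an old cert.
stale_ports() {
  awk -v ref="$1" '
    NF == 2 { fp[$1] = $2; order[++n] = $1 }
    END { for (i = 1; i <= n; i++) { p = order[i]
            if (p != ref && fp[p] != fp[ref]) printf "%s%s", (out++ ? " " : ""), p }
          if (out) print "" }'
}

check_host() {
  host=$1; report=""; rc=0
  for port in $PORTS; do
    pem=$(fetch_cert "$host" "$port") || true
    if [ -z "$pem" ]; then echo "$host:$port no certificate received"; rc=1; continue; fi
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate)
    fpr=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2)
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend $((WARN_DAYS * 86400)) >/dev/null; then
      echo "$host:$port expires within $WARN_DAYS days ($end)"; rc=1
    fi
    report=$(printf '%s\n%s %s' "$report" "$port" "$fpr")
  done
  stale=$(printf '%s\n' "$report" | stale_ports 443)
  [ -n "$stale" ] && { echo "$host: ports not serving the port-443 certificate: $stale"; rc=1; }
  return $rc
}

if [ $# -gt 0 ]; then check_host "$1"; fi   # runs only when a hostname is given
```

The script exits non-zero when any port fails a check, so it can be run from cron or an existing monitoring wrapper.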