SSL Cert, CNAME for Mail pointer problems (redux, clarified), not resolved

So, after back and forth yesterday, I changed the “mail” and “webmail” records from A records to CNAME and also removed the first MX record entry based on the advice of the community.

At this point, I cannot get the SSL cert issued from MXroute panel to work with mail because mail is now pointing to mxrouting.net instead of my own domain (mail.peavyhome.com).

So, here is what the DNS zone record WAS:

			IN	MX	10	mail.peavyhome.com.	
			IN	MX	20	echo.mxrouting.net.	
			IN	MX	30	echo-relay.mxrouting.net.	


webmail		IN	A	116.202.115.120	
mail		IN	A	116.202.115.120	

And everything was sweet and swell. Could access “webmail.peavyhome.com” via web and mail client used “mail.peavyhome.com” to access mail.

So, based on advice, I changed the record to:

			IN	MX	10	echo.mxrouting.net.	
			IN	MX	20	echo-relay.mxrouting.net.	

webmail		IN	CNAME	echo.mxrouting.net.	
mail		IN	CNAME	echo.mxrouting.net.	

And now, I cannot properly access webmail.peavyhome.com because the browser complains about SSL cert mismatch. And mail client cannot reach “mail.peavyhome.com”.

And now MXroute panel cannot issue SSL cert because it can’t find mail.peavyhome.com (not that I should have to reissue the cert).

There is a long thread already about this, and a new thread on chat.

I am open to either:

  1. Reverting back to IP address and A records and just know that one day that may change;

or

  2. Figuring out the root cause.

Thank you.

It seems somewhere our wires got crossed. I’m seeing that peavyhome.com should actually be on arrow.mxrouting.net and not on echo.mxrouting.net.

OK. So, arrow.mxrouting.net for priority 10, what about 20? Or even bother?

A:

						IN	MX	10	echo.mxrouting.net.	
						IN	MX	20	echo-relay.mxrouting.net.	

Or, B:

						IN	MX	10	arrow.mxrouting.net.		

And is it the case that I should or should not have

						IN	MX	10	mail.peavyhome.com.		
						IN	MX	20	arrow.mxrouting.net.

MX records will be:

arrow.mxrouting.net (Priority 10)
arrow-relay.mxrouting.net (Priority 20)

You can find a copy of those details in the important account information email, which you can find a copy of here:

https://portal.mxroute.com/clientarea.php?action=emails

Just make sure you’re logged in at portal.mxroute.com to the account that correlates to that particular service.

Thanks! Will change. Also, that email - I swear it never came and when I checked last week in my account, none of the original messages were there. Glad to see them there now. Will post back results in a few.

Changing serial to 2020032302 and editing as follows:

			IN	MX	10	arrow.mxrouting.net.	
			IN	MX	20	arrow-relay.mxrouting.net.	

webmail		IN	CNAME	arrow.mxrouting.net.	
mail		IN	CNAME	arrow.mxrouting.net.

So, I’ve updated the zone file and here’s the result:

https://webmail.peavyhome.com works fine and the SSL cert matches. I did not need to generate a new one.

However…

mail.peavyhome.com (which is being used for IMAP/SMTP) is not working. The error message in my mail client is:

[Screenshot: Screen Shot 2020-03-23 at 1.51.50 PM]

The actual log file:

INITIATING CONNECTION Mar 23 13:51:19.243 host:mail.peavyhome.com -- port:587 -- socket:0x0 -- thread:0x608001875200

CONNECTED Mar 23 13:51:19.391 [kCFStreamSocketSecurityLevelNone] -- host:mail.peavyhome.com -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200

READ Mar 23 13:51:19.504 [kCFStreamSocketSecurityLevelNone] -- host:mail.peavyhome.com -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
220 arrow.mxrouting.net ESMTP Exim 4.93.0.4 Mon, 23 Mar 2020 18:51:19 +0100

WROTE Mar 23 13:51:19.514 [kCFStreamSocketSecurityLevelNone] -- host:mail.peavyhome.com -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
EHLO [192.168.1.104]

READ Mar 23 13:51:19.627 [kCFStreamSocketSecurityLevelNone] -- host:mail.peavyhome.com -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
250-arrow.mxrouting.net Hello 172-9-20-19.lightspeed.tukrga.sbcglobal.net [172.9.20.19]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP

WROTE Mar 23 13:51:19.628 [kCFStreamSocketSecurityLevelNone] -- host:mail.peavyhome.com -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
STARTTLS

READ Mar 23 13:51:19.740 [kCFStreamSocketSecurityLevelNone] -- host:mail.peavyhome.com -- port:587 -- socket:0x6040004ae6a0 -- thread:0x608001875200
220 TLS go ahead

OK. Jarland - thank you for all of this help. Mail is now working, and is able to connect to mail.peavyhome.com.

Now, I know I’m parsing it real fine here, but just FYI, http://mail.peavyhome.com resolves to an apache message page and https://mail.peavyhome.com gives an SSL mismatch still.

I know that doesn’t matter because no, I don’t try to access mail.peavyhome.com over the web, I do know that is not what anyone does. Apple Mail does access it over 587 no problem and the certs match.

Just pointing out the https over web in case it should matter to you. Although it makes sense because 443 is not the port you have configured for that probably since it’s over 587.

Next - I love your service. I think it’s fantastic because it’s what I have been looking for. I appreciate the support. I hope I can help others!

Don’t know what happened there but re-ran the issue process and it applied fine.

Cool! All set then! THANK YOU!

ONE MORE Q - SO, what exactly happened when you say “Don’t know what happened there but re-ran the issue process and it applied fine.”?

Because I have three more domains to update and want to make sure it’s going to work without bugging you!

Aye, I built the custom virtual host for the webmail subdomain only. Apache never loads a virtual host for the mail subdomain.

Re-ran the cert issuance? Just updated 323mimosa.com and everything went perfectly.

I re-ran the process here after the DNS entry part: https://mxroutehelp.com/index.php/2019/08/25/custom-webmail-pop-imap-smtp-domain/
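
An added example, not part of the thread and not MXroute's tooling: a TLS client checks the certificate against the name it was configured with (here mail.peavyhome.com), never against the CNAME target, so the check worth running after each DNS change is whether the certificate served after STARTTLS on port 587 lists the custom name. The two sample certificates and their SAN values are constructed for illustration.

```python
import smtplib
import ssl
import sys

# Constructed sample certificates in the dict shape ssl.getpeercert() returns.
# The SAN values are assumptions for illustration, not taken from the thread.
PROVIDER_ONLY_CERT = {"subjectAltName": (("DNS", "echo.mxrouting.net"),)}
CUSTOM_DOMAIN_CERT = {"subjectAltName": (("DNS", "mail.peavyhome.com"),
                                         ("DNS", "webmail.peavyhome.com"))}


def san_dns_names(cert):
    """Return the lower-cased DNS names from a getpeercert() dict."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(host, pattern):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def cert_covers(host, cert):
    """True if any SAN on the certificate covers the name the client dialed."""
    return any(name_matches(host, name) for name in san_dns_names(cert))


def fetch_starttls_cert(host, port=587):
    """Fetch the certificate served after STARTTLS (needs network access).

    The chain is still validated; only the hostname check is deferred so a
    mismatching certificate can be inspected instead of aborting the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


if __name__ == "__main__":
    for host in sys.argv[1:]:
        cert = fetch_starttls_cert(host)
        verdict = "OK" if cert_covers(host, cert) else "MISMATCH"
        print(f"{host}: {verdict} (SANs: {', '.join(san_dns_names(cert))})")
```

Run it with the custom hostnames as arguments after each zone change; a MISMATCH line lists the names the server actually presented.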