Wrong /etc/dovecot/sni.conf generated

rch7

Hello,
I have a domain in /etc/dovecot/sni.conf that uses the main service cert instead of /var/cpanel/ssl/domain_tls/.. like other domains:
# Main cert for SNI

local_name "domain.com cpanel.domain.com cpcalendars.domain.com cpcontacts.domain.com direct.domain.com mail.domain.com webdisk.domain.com webmail.domain.com www.domain.com" {
    ssl_cert = </etc/dovecot/ssl/dovecot.crt
    ssl_key = </etc/dovecot/ssl/dovecot.key
}

I have tried to regenerate it with /scripts/build_mail_sni --rebuild_dovecot_sni_conf, but it creates the same file.
What is the logic behind it? It breaks POP3/IMAP for domain.com clients, as e.g. the Gmail POP3 fetcher requires the SAN to match and the main service cert only has hostname.domain.com and not mail.domain.com, unless you override it manually every 3 months.
 

cPRex

Hey there! That's odd for sure, as the only entry I'd expect to have the /etc/dovecot/ssl/* entries is the top entry for the hostname. We might need to strace the build_mail_sni command in order to see what is happening here - could you submit a support ticket to our team so we can look into this?
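
A check for the condition discussed in this thread, added here as an example (it is not part of the original posts and not cPanel's code): it parses sni.conf text and lists every local_name block that is served with a certificate under /etc/dovecot/ssl/ although the block does not contain the server hostname. The function names, the sample text and the placeholder path in the third block are constructed for illustration.

```python
import re

# Assumption: the service-wide certificate lives under this directory, as in
# the snippet quoted in the thread.
SERVICE_CERT_DIR = "/etc/dovecot/ssl/"

# One local_name block: quoted or bare name list, then a brace-delimited body.
BLOCK_RE = re.compile(r'local_name\s+(?:"([^"]*)"|(\S+))\s*\{([^}]*)\}', re.S)
CERT_RE = re.compile(r'^\s*ssl_cert\s*=\s*<\s*(\S+)', re.M)


def parse_sni_blocks(conf_text):
    """Return a list of (names, cert_path) for every local_name block."""
    blocks = []
    for quoted, bare, body in BLOCK_RE.findall(conf_text):
        names = (quoted or bare).split()
        cert = CERT_RE.search(body)
        blocks.append((names, cert.group(1) if cert else None))
    return blocks


def blocks_on_service_cert(conf_text, server_hostname):
    """List name sets that get the service cert but are not the hostname."""
    flagged = []
    for names, cert in parse_sni_blocks(conf_text):
        uses_service_cert = bool(cert) and cert.startswith(SERVICE_CERT_DIR)
        if uses_service_cert and server_hostname not in names:
            flagged.append(names)
    return flagged


# Constructed sample: the first two blocks follow the thread's description,
# the third uses a placeholder path for a per-domain certificate.
SAMPLE = '''
local_name "hostname.domain.com" {
    ssl_cert = </etc/dovecot/ssl/dovecot.crt
}
# Main cert for SNI
local_name "domain.com mail.domain.com www.domain.com" {
    ssl_cert = </etc/dovecot/ssl/dovecot.crt
}
local_name "example.org mail.example.org" {
    ssl_cert = </var/cpanel/ssl/domain_tls/example.org/PLACEHOLDER.crt
}
'''

if __name__ == "__main__":
    for names in blocks_on_service_cert(SAMPLE, "hostname.domain.com"):
        print("service cert used for:", " ".join(names))
```

Run against the real file by passing its contents and the server's hostname; any name set it returns will present a certificate whose SAN does not cover those names.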