Panthur incident

Upstream SSL update causing email issues on older programs

Notice Resolved View vendor source →

Panthur experienced a notice incident on September 30, 2021 affecting Economy & Business Web Hosting and Reseller Hosting and 1 more component, lasting 3d 23h. The incident has been resolved; the full update timeline is below.

Started
Sep 30, 2021, 10:24 PM UTC
Resolved
Oct 04, 2021, 10:12 PM UTC
Duration
3d 23h
Detected by Pingoru
Sep 30, 2021, 10:24 PM UTC

Affected components

Economy & Business Web HostingReseller HostingStealth Web Hosting

Update timeline

  1. investigating Sep 30, 2021, 10:24 PM UTC

    On September 30 2021, Let's Encrypt updated their ROOT certificate. The ROOT certificate is responsible for issuing SSL Certificates by Let's Encrypt. This change has caused the older ROOT certificate (DST Root CA X3) to no longer be accepted, this has been replaced with ISRG Root X1. Some Email programs may still be referencing the older Root Certificate being (DST Root CA X3) and causing the mail clients NOT to validate the SSL SMTP and IMAP connections. This may be an issue with older devices that are not compatible with the new ROOT certificate. For the full press release from Let's Encrypt please see the link below. https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ As a temporary work-around please use these alternate ports for IMAP and POP which can be found below. Non-SSL IMAP (Incoming) : 143 Non-SSL POP (Incoming) : 110 Non-SSL SMTP (Outgoing) : 587 Please see our email setup guide here - > https://support.panthur.com.au/en/knowledgebase/article/email-setup-guides

  2. identified Oct 01, 2021, 12:09 AM UTC

    We are monitoring the impact of the recent Let's Encrypt change. If you are impacted by this update as a temporary work-around please use one of the following options: Log into Webmail. Please see the following guide- > https://support.panthur.com.au/en/knowledgebase/article/how-do-i-log-into-cpanel-webmail - OR - Update your email program to the following alternate ports for IMAP and POP which can be found below. Non-SSL IMAP (Incoming) : 143 Non-SSL POP (Incoming) : 110 Non-SSL SMTP (Outgoing) : 587 Please see our email setup guide here - > https://support.panthur.com.au/en/knowledgebase/article/email-setup-guides

  3. identified Oct 01, 2021, 05:52 AM UTC

    We are continuing to monitor this situation. LetsEncrypt SSL Certificates that are currently in use will still show the old, now-invalid certificate in their CA Bundle. To get emails and web traffic working as normal again, the most straightforward solution is to uninstall and reinstall your current certificate, but download the new CA Bundle. A link on how to apply these changes can be found here - > https://support.panthur.com.au/en/knowledgebase/article/resolving-issue-with-letsencrypt-root-certificate-update

  4. resolved Oct 04, 2021, 10:12 PM UTC

    An update was pushed out on Friday afternoon and we have been monitoring closely over the weekend. This matter appears to be resolved, however, if anyone is still having similar issues, please attempt a restart on your devices and refer to our manual fix which can be found here - > https://support.panthur.com.au/en/knowledgebase/article/resolving-issue-with-letsencrypt-root-certificate-update If any issues still persist, please submit a support ticket via the Client Area - > https://members.panthur.com.au/submitticket.php