Upstream SSL update causing email issues on older programs
Incident Report for Panthur Hosting
Resolved
An update was pushed out on Friday afternoon and we have been monitoring closely over the weekend.

This matter appears to be resolved, however, if anyone is still having similar issues, please attempt a restart on your devices and refer to our manual fix which can be found here - > https://support.panthur.com.au/en/knowledgebase/article/resolving-issue-with-letsencrypt-root-certificate-update

If any issues still persist, please submit a support ticket via the Client Area - > https://members.panthur.com.au/submitticket.php
Posted Oct 05, 2021 - 09:12 AEDT
Update
We are continuing to monitor this situation.

LetsEncrypt SSL Certificates that are currently in use will still show the old, now-invalid certificate in their CA Bundle. To get emails and web traffic working as normal again, the most straightforward solution is to uninstall and reinstall your current certificate, but download the new CA Bundle.

A link on how to apply these changes can be found here - > https://support.panthur.com.au/en/knowledgebase/article/resolving-issue-with-letsencrypt-root-certificate-update
Posted Oct 01, 2021 - 15:52 AEST
Identified
We are monitoring the impact of the recent Let's Encrypt change.

If you are impacted by this update as a temporary work-around please use one of the following options:

Log into Webmail.
Please see the following guide- > https://support.panthur.com.au/en/knowledgebase/article/how-do-i-log-into-cpanel-webmail

- OR -

Update your email program to the following alternate ports for IMAP and POP which can be found below.
Non-SSL IMAP (Incoming) : 143
Non-SSL POP (Incoming) : 110
Non-SSL SMTP (Outgoing) : 587

Please see our email setup guide here - > https://support.panthur.com.au/en/knowledgebase/article/email-setup-guides
Posted Oct 01, 2021 - 10:09 AEST
Investigating
On September 30 2021, Let's Encrypt updated their ROOT certificate.

The ROOT certificate is responsible for issuing SSL Certificates by Let's Encrypt.

This change has caused the older ROOT certificate (DST Root CA X3) to no longer be accepted, this has been replaced with ISRG Root X1.

Some Email programs may still be referencing the older Root Certificate being (DST Root CA X3) and causing the mail clients NOT to validate the SSL SMTP and IMAP connections. This may be an issue with older devices that are not compatible with the new ROOT certificate.

For the full press release from Let's Encrypt please see the link below.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

As a temporary work-around please use these alternate ports for IMAP and POP which can be found below.
Non-SSL IMAP (Incoming) : 143
Non-SSL POP (Incoming) : 110
Non-SSL SMTP (Outgoing) : 587

Please see our email setup guide here - > https://support.panthur.com.au/en/knowledgebase/article/email-setup-guides
Posted Oct 01, 2021 - 08:24 AEST
This incident affected: Economy & Business Web Hosting, Reseller Hosting, and Stealth Web Hosting.