openssl ssl-certificate lets-encrypt mail-server cyber-panel

Unable to issue letsencrypt ssl certificate to website or mail server, shows success message in cyberpanel but https not opening and mails not going


I am unable to issue a Let's Encrypt SSL certificate to my website (domain.com) and mail server (mail.domain.com). It shows a success message in CyberPanel ("SSL Manager" in the left menu), but HTTPS is still not opening and clearly the SSL certificate was not issued, and email won't go out from my WP Mail SMTP plugin. I can still send emails from SnappyMail (the webmail) to Gmail addresses with no problem at all (meaning my emails don't go to spam and there is no other issue sending them to other email addresses from SnappyMail). I'm just unable to send them from my website itself using SMTP. I get an error message from the SMTP plugin about a misconfiguration of OpenSSL on my server. If only I knew what all that means!

The version is OpenSSL 1.0.2k-fips 26 Jan 2017. I use CentOS 7 64-bit with CyberPanel 2.3 Build: 2 (I use a VPS on Hostinger) and I use Cloudflare (I double-checked my DNS records and everything is set as it should be).

I also tried issuing the Let's Encrypt certificate to mail.domain.com from SSH with PuTTY using some commands. It also showed a success message, but the same issue remained. At one point it succeeded for domain.com and it finally started opening, but still no emails are going out. At one point I tried so many times that I exceeded the limit of certificates I can issue with Let's Encrypt, and it showed this through an error message. Now I really don't know what to do. Help please?

I always issue the Let's Encrypt SSL certificate from CyberPanel. I also tried using the command-line tool PuTTY (for the first time; I'm not good with commands at all and have never used them before) to issue the SSL certificate to mail.domain.com. Same result: a success message, but no SSL certificate showing up when I check by sending emails from my website (they just don't go, and there is an error message saying OpenSSL may not be configured properly). So it just keeps the self-signed SSL certificate, which is untrusted.


Solution

  • So after a few days of struggling and looking up and down the internet in search of the cause of and the solution to this problem, I finally came across a description of what exactly was happening. It is called the SNI-Hole, and as for how to "fix" it (actually you can't fix it), it goes away on its own after a few days of your website and domain being down. Why? Because as you try to issue a new Let's Encrypt SSL certificate, you are using up all the attempts (5 per week) you have to issue the Let's Encrypt certificate. And as you are in that SNI hole as described, all your SSL certificates will be going to your domain but at different webservers, meaning the domain or subdomain on your server won't be getting it at all (that's what I understood at least! I'm sure it's way deeper than that, or maybe completely different from my explanation. I don't know). So what I think happened is that the previous certificates expired after some time (a couple of days) and then my latest attempt to issue a new SSL certificate was finally successful, or because the other webservers weren't reachable before the one for which the certificate was intended. So the solution is: WAIT at least a week or two, or even a month, so that the previously issued certificates expire on the other servers before attempting to issue a new Let's Encrypt SSL certificate if you are in an SNI-Hole. It sucks, but I couldn't find any other solution.
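
A panel "success" message does not show which certificate the server actually presents for a given name. The sketch below is an added example, not part of the original post or of CyberPanel. It performs a verified handshake with SNI set to the host name (directly, or via SMTP STARTTLS as a mail plugin would) and reports the certificate or the reason it was rejected. The function names, `example.com` hosts and "Example CA" are hypothetical placeholders.

```python
import smtplib
import socket
import ssl

def covers(cert, hostname):
    """True if a DNS subjectAltName matches hostname (exact or one-label wildcard)."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind == "DNS" and (name == host or (name.startswith("*.") and name[2:] == parent)):
            return True
    return False

def summarize(cert, hostname):
    """Summarise a dict in the format returned by SSLSocket.getpeercert()."""
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    return {
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "self_signed": cert.get("issuer") == cert.get("subject"),
        "covers_host": covers(cert, hostname),
        "not_after": cert.get("notAfter"),
    }

def probe(hostname, port=443, smtp_starttls=False, timeout=10):
    """Verified handshake with SNI=hostname; report the certificate or why it was rejected."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        if smtp_starttls:  # e.g. port 587, the path an SMTP plugin would use
            with smtplib.SMTP(hostname, port, timeout=timeout) as smtp:
                smtp.starttls(context=ctx)
                return {"trusted": True, **summarize(smtp.sock.getpeercert(), hostname)}
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return {"trusted": True, **summarize(tls.getpeercert(), hostname)}
    except ssl.SSLCertVerificationError as err:
        return {"trusted": False, "reason": err.verify_message}

# Constructed sample certificates (not taken from any real server).
SELF_SIGNED = {"subject": ((("commonName", "mail.example.com"),),),
               "issuer": ((("commonName", "mail.example.com"),),),
               "notAfter": "Jan  1 00:00:00 2035 GMT"}
CA_ISSUED = {"subject": ((("commonName", "example.com"),),),
             "issuer": ((("organizationName", "Example CA"),), (("commonName", "E1"),)),
             "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
             "notAfter": "Jan  1 00:00:00 2035 GMT"}

if __name__ == "__main__":
    print(summarize(SELF_SIGNED, "mail.example.com"))
    print(summarize(CA_ISSUED, "mail.example.com"))
    # print(probe("mail.example.com", 587, smtp_starttls=True))  # needs network
```

Running `probe` against both the web name on 443 and the mail name on the SMTP port separates "the certificate was never installed on this service" from "the certificate is installed but does not cover this name".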