| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Rocky 8.6 |
| Webmin version | Latest |
| Virtualmin version | Pro Latest |
I have a client for whom I only provide mail.
DNS is controlled by his Web host (but they’ll make changes if needed).
I have him hosted on a cPanel server as an ordinary cPanel account, but only the mail is operational because DNS at his Web host only points the mail-related entries to my server.
I plan to reformat the server, upgrade the OS, install Virtualmin, and migrate the cPanel backup into Virtualmin. But I’m wondering whether the fact that the Web site is hosted elsewhere will cause Let’s Encrypt to vomit.
My basic goal is to require no changes on anyone else’s part except for the host adding an A entry for admin.domain.tld so the client can access Webmin. mail.domain.tld and webmail.domain.tld already point to my server, and the IP will remain unchanged.
What’s the best way to do this that preserves the current mail settings for the client’s users and gets an SSL cert from Let’s Encrypt (or elsewhere if I have to buy one)?
One idea: Would migrating the cPanel backup into Virtualmin as mail.domain.tld be possible, or would that cause problems somewhere? For example, would clients then need to use mail.mail.domain.tld for POP3 / IMAP access?
Thanks,
Richard
@RJM_Web_Design,
Let’s Encrypt requires a website to be active on the same domain on the same server if you intend to handle mail for this domain.
However, you could set up for instance “mail.domain.com” on your server and it would still be able to receive email for “domain.com”. The only thing the client would need to do is set the SMTP and IMAP/POP hostname to “mail.domain.com”.
This is technically how things should be set up anyways.
*** Professional, Affordable, Trusted – tpnAssist.com ***
Thanks Peter. That’s most likely what I’ll do.
Well, that didn’t work.
I did a dry run on another server with a substantially identical configuration as the one in planning, and as far as I can tell there’s no way to migrate a cPanel backup into a virtual server with a domain name anything other than what it was named on the cPanel server.
So I tried another tack and created a virtual server mail.domain.tld and attempted to migrate the cPanel backup into it. I got an error that the template was not valid for subservers.
I thought about creating a virtual server domain.tld and then a subserver mail.domain.tld, but that won’t work because the parent domain would fail validation for SSL. (I host only the mail. The Web site, DNS, and everything else are hosted elsewhere.)
Sooo…
If I migrate the cPanel backup into Virtualmin as domain.tld, will Virtualmin allow me to change it to mail.domain.tld? I would think not because that entry would already exist in DNS, but I have been wrong before. Maybe it would just change it to mail.mail.domain.tld?
This client threw me a curve ball when he decided to use an industry-specific provider for his Web site, but he wanted me to continue hosting his mail. Had he asked about it I would have retained the DNS and pointed Web traffic to the new server. But he just changed the nameservers without asking me about it, and then wondered why his mail stopped working.
The guy has a PhD, by the way.
Because DNS for mail.domain.tld and webmail.domain.tld already point to the IP of the server in question, and because hitting mail.domain.tld over HTTPS does in fact bring up the server or virtual server’s default Web page while maintaining the mail URL (which I just found out 18 seconds ago) and webmail lands on Usermin, I wonder if Let’s Encrypt will issue a cert if I request it only for mail. and webmail. and not the parent domain?
I suppose another option would be to migrate the site normally as domain.tld and then buy an el-cheapo SSL cert from Comodo or someone for the mail only, and manually install it.
Let’s Encrypt (or at least their community forum) says that a cert can be requested for a sub without requesting one for the parent domain. That would solve the problem. I’ll have the Web host create an A entry for admin.domain.tld while I’m at it, and just request the cert to cover those three.
All done. Not a bad evening’s work.
- CentOS 7 / cPanel Server backed up and wiped
- OS upgraded and updated (Rocky 8.6)
- Virtualmin Pro installed to replace cPanel
- PHP 7.4 and 8.0 installed
- Miscellaneous PHP extensions installed
- Roundcube installed
- phpMyAdmin installed
- Rclone installed
- Backups configured and tested
- Accounts restored
For future reference if anyone else winds up in this situation, webmail.domain.tld and mail.domain.tld will not open the domain default page, Webmin, or Usermin if HTTP is hosted elsewhere. For some reason, I thought miniserv took care of that and would use localhost for DNS, but obviously I was wrong.
However, it didn’t matter in the end. I redirected webmail.domain.tld to server.domain.tld/roundcube, which works fine.
As for Let’s Encrypt, I requested the cert for only webmail.domain.tld and mail.domain.tld, and the request was successful. I guess just having DNS pointed at the IP was enough.
I set up a test account on the client’s domain before I created the cPanel backup and configured it on a client, and it started working again as soon as the account was migrated into Virtualmin. With any luck, the clients’ employees who use device clients won’t even notice anything changed.
The webmail users might have to change their shortcuts, however, depending on what they were using before.
Thanks for the help. Now I can cancel another cPanel license!
Richard
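Added example, not part of the thread and not Virtualmin's own code: a pre-flight check that picks which hostnames can share one Let's Encrypt request when the parent domain's Web site and DNS live elsewhere. It assumes HTTP-based validation against this server; the IP addresses, the `SAMPLE_DNS` table and the function names are constructed for illustration.

```python
import socket


def resolve(name):
    """Return the set of A/AAAA addresses for name (empty if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def preflight(names, server_ips, resolver=resolve):
    """Split names into those safe to request together and those to leave off.

    A certificate order is issued only if every name on it validates, so a
    single name that resolves to another host fails the whole request.
    """
    server_ips = set(server_ips)
    ok, skipped = [], {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            skipped[name] = "no A/AAAA record"
        elif not addrs <= server_ips:
            stray = sorted(addrs - server_ips)
            skipped[name] = "resolves elsewhere: " + ", ".join(stray)
        else:
            ok.append(name)
    return ok, skipped


# Constructed sample mirroring the thread: the Web host serves the parent
# domain, the mail server (203.0.113.10) serves mail. and webmail. only, and
# admin.domain.tld has not been created yet.
SAMPLE_DNS = {
    "domain.tld": {"198.51.100.20"},
    "www.domain.tld": {"198.51.100.20"},
    "mail.domain.tld": {"203.0.113.10"},
    "webmail.domain.tld": {"203.0.113.10"},
}
CANDIDATES = ["domain.tld", "www.domain.tld", "mail.domain.tld",
              "webmail.domain.tld", "admin.domain.tld"]

if __name__ == "__main__":
    ok, skipped = preflight(CANDIDATES, {"203.0.113.10"},
                            lambda n: SAMPLE_DNS.get(n, set()))
    print("request for:", ok)
    for name, reason in skipped.items():
        print("leave off:", name, "-", reason)
```

Called without the `resolver` argument, `preflight` uses live DNS, which is how it would be run on the mail server before requesting the certificate.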