• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Let's Encrypt support for mail.domain.tld

T

Tomas Garcia Ferrari

New Pleskian
What would be the recommended way of adding support of the subdomain mail.domain.tld, so our mail clients do not receive a message saying that there is a hostname mismatch?

At the moment, our Plesk server is sending the certificate for the first installed domain to the mail clients.
 
I found on GitHub the Plesk-Mail-LetsEcrypt script. The method proposed there is using the Subject Alternative Name (SAN) mechanism (available from Let's Encrypt).

It captures all the domains and adds them using this:

/usr/local/psa/bin/extension --exec letsencrypt cli.php --secure-plesk -w "/var/www/vhosts/domain.tld/httpdocs" -m "webmaster@domain.tld" -d domain.tld -d www.domain.tld -d mail.domain.tld -d mail.domain-1.tld -d mail.domain-2.tld -d mail.domain-3.tld

Up to 100 alternative names can be added. Then it's just a matter of pointing the certificate to the mail server

Tools & Settings > SSL/TLS Certificates > Certificate for securing mail

Is there any caveat on this method? (for servers with less than 100 domains) Shouldn't this be supported directly from Plesk?
 
Tomas Garcia Ferrari said:
At the moment, our Plesk server is sending the certificate for the first installed domain to the mail clients.
Click to expand...

go to Plesk Panel > Tools Settings > SSL/TLS Certificates > Certificate for securing mail - here you can select one

How to secure mail server with Let's Encrypt certificate

Tomas Garcia Ferrari said:
Is there any caveat on this method? (for servers with less than 100 domains)
Click to expand...
Most certificate authorities cap the number of domains on a single cert anywhere from 25 to 100 and there is also a limit on the Cert size and perhaps it might have an performance issue. So what can happend is, some of your clients might have trouble connecting to your server.. So if you are experienced just use the script.

see for example
Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
Resolved - Domain with 100 domains alias: Let's encrypt problem
Ideal number of domains in one single certificate

Tomas Garcia Ferrari said:
Shouldn't this be supported directly from Plesk?
Click to expand...
Well afaik there was a Uservoice about it and since there is a limit it will not work for several customers...
Well others on the forum do it in another way and point the dns entry of the mail.domain.tld of all domains to a specified mailserver name on the plesk server and secure it with an certificate.
 
Last edited:
In my case, it shouldn't be a big problem as I am not dealing with 100s of domains.

Brujo said:
Well others on the forum do it in another way and point the dns entry of the mail.domain.tld of all domains to a specified mailserver name on the plesk server and secure it with an certificate.
Click to expand...

Can you point to some articles explaining this method? Is this just done at the DNS level?
 
You must log in or register to reply here.

Similar threads

W
Question Wanted: Best practice for certificates (Lets Encrypt) two separate Plesk servers for www and mail
2
Replies
20
Views
2K
W4ru
W
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
B
Issue Can't add a Let's encrypt certificate
Replies
5
Views
644
Sebahat.hadzhi
Sebahat.hadzhi
L
Issue Plesk Mail Only SSL Still Not Functioning Properly
Replies
2
Views
263
alvarezcruz
alvarezcruz
M
Question Simple question about Plesk backups
Replies
2
Views
479
msospc
M
Back
Top