
Issue Plesk mail on iphone with cert problems

Alex Cote

New Pleskian
I'm having problems with the free certs generated by Plesk. They are not updating after expiration, and my clients' iPhones are not updating with the new cert info.
Gets annoying as hell to have to reinstall the mail accounts every 3 months.

What do I need to do to fix this issue?
 
Some Apple mail installations are not able to handle a renewal of Let's Encrypt certificates. When a certificate is renewed, the devices think it is a brand new certificate, not a renewal of the existing certificate. That is why they do not accept these certificates. It is a known Apple bug that has been around since Let's Encrypt became popular. Last thing that I remember was that you need to update the device's operating system and mail app to solve the issue.
 
Same cert expires and I have to delete the account and reinstall it to get it to work. If not, it just gets stuck with the old expired cert. A pop-up comes up to renew and it doesn't change.
 
So the issue is not that the iPhone or Thunderbird don't accept a re-issued cert, but your issue is that the cert itself is not automatically updated and you have to update the cert manually in Plesk. Is that so?
 
Are you using the "SSLit!" extension to maintain your certificates? If not, can you switch to it, because it is a requirement for some configurations.
Are you using SNI? Are you using wildcard certificates? In the past there have been reports where in both cases certificates cannot be auto-re-issued.
 
SNI: When you create or reissue a certificate you can determine what components shall be included in the certificate. For example you can add the "Mail access". In the "Mail Settings" you will also need to select the certificate from the "SSL/TLS certificate for mail" if you do not use the host name for your mail program.

I am only asking to narrow down the certificate issue. It is not really directly linked to this, but you need to be very exact what cert you have where and how you use it. Also, when the cert does not renew, you should get an error message why it does not automatically renew. Have you seen such an error message, e.g. in an email notification?

Normally, when a cert cannot be auto-renewed, the cause is a faulty DNS record of the domain. Are you using the Plesk DNS system or is your DNS external? Are you using Cloudflare, for example, that might block a request from Let's Encrypt to your server? Is your DNS configured correctly so that only a single IP is listed for the domain and not multiple IPs that might not be correct? Are you using IPv6 or IPv4 only?


 
Nah, that's not it. I'm still using the Plesk Let's Encrypt cert. So shouldn't be a problem.
And my DNS entry is opened. Not filtered.
 
But you do get an error message when a cert renewal fails? What exactly does it say?

If you have not received it by mail, you can look into /var/log/plesk/panel.log. All renewal errors are logged there, no debug mode necessary. Can you provide the error message here (with redacted domain and IP)?
 
Issue is back after the cert expired last night. I get the "not trusted" on all Apple devices. And can't even press to get it to accept the renewal.
 
Is there a better way to get this solved? Buy a 1-year SSL? I don't care about the site since I use Cloudflare. I only care about the emails.
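
Added example, not part of the thread: a way to see which certificate each mail port actually serves, so a renewed web certificate can be told apart from a stale one still attached to mail (the "SSL/TLS certificate for mail" and SNI questions above). The function names, the 30-day renewal window and the host `mail.example.com` are assumptions; GNU `date` and the `openssl` CLI are required.

```shell
#!/bin/sh
# Added example: compare the certificates served on HTTPS and on the mail ports.
# Usage: sh mailcert.sh mail.example.com   (placeholder host)

# Classify an "openssl x509 -enddate" line against a point in time.
# $1 = line such as "notAfter=Jun  1 12:00:00 2025 GMT", $2 = epoch seconds.
cert_status() {
    end=$(date -u -d "${1#notAfter=}" +%s) || return 2   # GNU date syntax
    if [ "$end" -le "$2" ]; then
        echo "EXPIRED"
    elif [ $(( (end - $2) / 86400 )) -lt 30 ]; then
        echo "RENEWAL_DUE"      # assumed window: renewal expected 30 days ahead
    else
        echo "OK"
    fi
}

# Print serial and expiry of the leaf certificate a service presents.
# $1 = host, $2 = port, $3 = STARTTLS protocol (smtp, imap) or empty.
# -servername sends SNI, which decides the certificate on per-domain setups.
served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" \
        ${3:+-starttls "$3"} </dev/null 2>/dev/null |
        openssl x509 -noout -serial -enddate
}

# Only touch the network when a host is given on the command line.
if [ "$#" -ge 1 ]; then
    host=$1
    now=$(date -u +%s)
    # port:starttls-protocol pairs; an empty protocol means implicit TLS.
    for spec in 443: 993: 995: 465: 587:smtp 143:imap; do
        port=${spec%%:*}
        proto=${spec#*:}
        info=$(served_cert "$host" "$port" "$proto") ||
            { echo "$port: no certificate received"; continue; }
        end_line=$(printf '%s\n' "$info" | grep '^notAfter=')
        serial=$(printf '%s\n' "$info" | grep '^serial=')
        # A serial on the mail ports that differs from the one on 443
        # means mail is bound to a different (possibly stale) certificate.
        echo "$port: $(cert_status "$end_line" "$now") $serial $end_line"
    done
fi
```

If 443 reports `OK` while 993 or 465 report `EXPIRED` with a different serial, the renewal itself worked and the mail services are still bound to the old certificate.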
 