• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Plesk serves expired Mail certificates despite updated ones being installed

Jay Versluis

Jay Versluis

Regular Pleskian
Hello all,

I have a rather weird issue with securing mail on a Plesk Onyx system. Recently, my mail certificates expired. So I thought, time to renew it. At first I tried doing this with the same CSR as before, just getting a new certificate and replacing it in Plesk, leaving the CA certs alone. But to my surprise, Plesk was still serving the expired certificates instead.

No problem, I created a new certificate, and got my cert re-issued using the new CSR, then chose the new certificate to secure mail with it. Restarted the server. Now we should definitely see the updated certs, right?

Sadly no - Plesk is STILL serving my old expired mail certificate. What's going on? Where do I go from here? What do I check next, and is there something like a script I can run to make Plesk refresh the mail certificates? If you need further info, lease let me know.

My specs are Plesk Onyx 17.5.3 #22, running on CentOS 7.4.1708.

Any help appreciated!
 
Hi Jay Versluis,

the CSR itself is not used to secure your mail - server, instead the "key", "cert" and "ca" is used, as you might have noticed, when inspecting for example: /etc/postfix/main.cf .

Jay Versluis said:
then chose the new certificate to secure mail with it
Click to expand...
Could you provide the step-by-step procedure, so that we might be able to point you to ( possible ) inadequacies?

Jay Versluis said:
What do I check next, and is there something like a script I can run to make Plesk refresh the mail certificates?
Click to expand...
Plesk comes with the "Plesk Repair Utility", with which you have the choice to repair mail - settings.


Pls. check as well, that the corresonding certificate ( for example "/etc/postfix/postfix.pem" ) should have been edited with the new certificate parts.
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
611
Polli
Polli
QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
399
QWeb Ric
QWeb Ric
C
Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)
Replies
4
Views
681
Chucky_213123
C
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
1K
defcon8
defcon8
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
Back
Top