Question Obsidian 18.0.52 wrong certificates selected after renew

[haax]

Server operating system version

linux

Plesk version and microupdate number

18.0.52

Hi all,

I have an issue with a (hosted) Plesk setup.
There are a couple of sites configured, including letsencrypt certificates.

For a specific site I am using an alternative certificate for the mail server (SMTP/IMAP).
By default it uses the "domain.com" cert, but I use "mail.domain.com". (also an Letsencrypt cert)

It works fine until the certificates are (auto) renewed. After the renewal the default certs are selected. (and my mailclients get an certificate error).

Is this known behavior or an bug?

Martin

 

[Peter Debik]

How was the alternative certificate for the mail server created? Currently I cannot imagine how that was done, because the configuration you describe is unsupported. Probably this feature request matches the case: Add "mail.example.com" (mail subdomain) in Subject Alternative Names when option "Assign the certificate to mail domain" is selected, but it's not implemented yet.

 

[Maarten.]

I fixed this with a cron job that executes every hour:

"Run a command": /sbin/plesk bin subscription_settings -u domain.com -mail_certificate "Lets Encrypt mail.domain.com"

The cron job runs as root, so customers can't set this up themself.

 

[Maarten.]

This is a similar UserVoice:

Add possibility issue Let's Encrypt SSL certificate for mail server when the "A" DNS record for domain is pointing to another server

This feature is required for users with the configuration when on the Plesk only mail server for domain is used. "A" DNS record for mail.example.com is pointing to Plesk server, when when "A" record for example.com is pointing to another server.

plesk.uservoice.com