Issue BUG: Certificate not assigned to mailserver (mail.) over ipv6

[Lexz]

Good afternoon,

We are experiencing a big issue on all our servers.
Customers who are using mail.<domainname>.com as there mailserver don't have a valid certificate on ipv6 in their mailclients (port 993 / 465).

We use the Plesk DNS with wildcard certificates from Lets Encrypt.
On ipv4 everything seems to work fine.

Hope someone can help us with this issue.
Thank you in advance.

 

[learning_curve]

@Lexz FWIW - Don't think it's a bug. It's more likely to just be a small misconfig. somewhere.
Has this only happened recently, after some changes elsewhere? (Upgrades / Re-Configs / Maintanence etc)
Presuming it must have, as your customers would surely have complained some time ago otherwise?

We use external DNS not Plesk DNS, but even so, we''ve not had any problems when using the same setup that you've mentioned;
"...using mail.<domainname>.com as the mailserver c/w a valid Let's Encrypt wildcard certificate, on ipv6, within mailclients (ports 993 / 465)"
^ edited just for context there ^
No mail and/or mail certificate problems on ipv4 or ipv6, or any visible errors in any of the numerous external mail test / header test sites either.
Unless you're going to post a Plesk Service Ticket, to save time / your customer's angst etc Perhaps you could post lots more details of the error(s).

 

[Lexz]

@learning_curve Thank you for your response.

In our test this seems to happen on all Plesk servers we run without changing te configuration.
Is it possible that I verify one of your domains with the test I use (PM)? Or are there configs we could check for mis-configuration?

Thank you in advance

 

[learning_curve]

@Lexz It's still not clear from your posts, so far, when this problem started on your servers;

....on all Plesk servers we run without changing te configuration.

^^ Explains where it is but not when it started.
Is it, since you very first started using Plesk? Or, only since you made a recent OS or Plesk update? Timewise, there's no point of reference, at present.

You've also mentioned a test above, that you use, but didn't post any further details of that test (method and/or results). That means, that there's no visible example yet, of the problem(s) that you're having and/or any links to the test sites that you've used to get those results. So on here, it's all still unseen, at present. You have breifly described it, in your opening post (...don't have a valid certificate on ipv6 in their mailclients...) but that's a generic description really.

If you can run some basic SSL / DNS pre-checks before your next post, that would rule out any simple IPV6 config errors prior to looking specifically at mail?
You can post the test results on here, if you want. Just edit/remove your own server details in advance, if needed.

You can quickly test any of the domains that you are hosting, on any of your servers as follows:

HERE If you are using IPV6 and the domains are configured correctly, then you'll receive two different reports - every time; 1 for IPV6 and 1 for IPV4.

HERE If you are using IPV6 and the domains are configured correctly, then you'll be able to validate the AAAA records plus any other DNS data that you wish

HERE If you are using IPV6 and the domains are configured correctly, then you'll be able to validate the IPV6 addresses in the MX Test section (and other tests)

These are only simple SSL & DNS tests, not specific mail process tests, but they are useful, advance external views of some of your basic IPV6 config. There are many other, more detailed IPV6 specific tests that you can run (later - if needed) but those above, would give a much clearer idea of the starting point...

You could also test the specific domain or sub-domain that you're hosting Plesk on, on each server, too; If you're going to advance double-check everything.