• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue [Bug?] Dovecot mail certificate wrong paths

D

Daedalus3

New Pleskian
Hi guys,
I'm using Plesk Obsidian 18.0.28 Update 3 with dovecot and a let's encrypt certificate. The certificate is assigned to the mail server via "Tools & Settings --> SSL/TLS Certificates. About every three months my mail certificate expires and supposedly isn't renewed. However, the error seems to lay in the dovecot.conf. The file path pointing to the certificate is wrong. Plesk seems to be expecting:

Code: 
# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key =  </etc/dovecot/private/dovecot.pem

While the config shows:

Code: 
# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/ssl-cert-and-key.pem
ssl_key =  </etc/dovecot/private/ssl-cert-and-key.pem

Changing the paths to point to dovecot.pem will work for some time, but sooner or later Plesk(?) will change them pack to point to ssl-cert-and-key.pem.

A fix would be highly appreciated :)
 
Daedalus3 said:
Plesk seems to be expecting:
Code: 
# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key =  </etc/dovecot/private/dovecot.pem
While the config shows:
Code: 
# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/ssl-cert-and-key.pem
ssl_key =  </etc/dovecot/private/ssl-cert-and-key.pem
A fix would be highly appreciated :)
Click to expand...

@Daedalus3 This is taken directly from a Plesk Support Ticket some time ago:

".... /etc/dovecot/private/ssl-cert-and-key.pem is still defined in /etc/dovecot/dovecot.conf:
Code: 
grep -iR "ssl-cert-and-key.pem" /etc/dovecot/*
/etc/dovecot/dovecot.conf:ssl_cert = </etc/dovecot/private/ssl-cert-and-key.pem
/etc/dovecot/dovecot.conf:ssl_key = </etc/dovecot/private/ssl-cert-and-key.pem
but the parameters from this config are not actually in use, because they defined in the /etc/dovecot/conf.d/11-plesk-security-ssl.conf config:
Code: 
grep -iR "dovecot.pem" /etc/dovecot/*
/etc/dovecot/conf.d/11-plesk-security-ssl.conf:ssl_cert = </etc/dovecot/private/dovecot.pem
So unless you customise / modify the file; /etc/dovecot/conf.d/11-plesk-security-ssl.conf there's no fault, so no fix is needed.
 
Thanks for clarifying! There must be other configuration issues then ( /etc/dovecot/conf.d/11-plesk-security-ssl.conf is in place and indeed pointing to dovecot.pem) :(
 
Daedalus3 said:
...There must be other configuration issues then...
Click to expand...
Sounds like it. To try and understand a little clearer, what did you actually mean here:
...The certificate is assigned to the mail server via "Tools & Settings --> SSL/TLS Certificates. About every three months my mail certificate expires and supposedly isn't renewed...?
Click to expand...
Presumably, on that page, you mean this:
Certificate for securing mail:
Click to expand...
If so, then more detail here wil help. e.g. Is it a *Wildcard certificate? Is it a different certificate than the one here:
Certificate for securing Plesk
Click to expand...
etc etc From what's been posted so far, it sounds like it might be just a small certificate allocation misconfig, somewhere
 
You must log in or register to reply here.

Similar threads

J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
1K
Yaroslav_T
Yaroslav_T
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
492
Polli
Polli
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
1K
defcon8
defcon8
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
2K
scpcomp
S
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
Back
Top