
Issue Certificate for securing mail

raykai

What certificate should I use for securing mail?
If I use the Let's Encrypt certificate from the server pool, I get certificate errors from email clients.
 
In general, you may want to use the same certificate for the mail server that is used for securing your Plesk panel and tell your customers to use your Plesk server's name as the mail server for incoming and outgoing mail (and not mail.customerdomain.tld).

If you really want to be able to let customers use mail.customerdomain.tld for sending and receiving emails via a secure connection, then there is a workaround for doing so.
But it requires additional configuration steps for every domain you or your customers set up (and does not scale well, i.e. you are limited to a maximum of 100 domains you could handle that way).
 
i get certificate errors from email clients.
What error is that exactly? Is it a "wrong certificate name" error or similar? In that case use the host domain, not the subscription domain, to retrieve mail. The name must match what the certificate is securing.
 
Wrong certificate name. I have 3 domains that need to be able to send emails from their domain, and they are companies. The customers prefer having emails that have the domain name of the company over the Plesk domain one.
 
As you only have a single mail server that is addressed by the host name, not a domain name hosted on the machine, your customer must use the mail server name. The SSL certificate is made out to the single mail server on your machine. It is only a server name; it is not the domain name that shows up as a "sender" in an e-mail's visible part.

Example: If your customer hosted mails on Office 365, he does not have a choice how the mail server is named either. He would get some cryptic name like business01-de.provider.tld without any discussion. It should really not be of any concern to anyone what the host name is; it is simply a technical expression that practically no one sees but tech admins that configure e-mail settings.
 
Let's say my Plesk is on a VPS domain vps200001.vps.ovh.com. I have no access to add subdomains to it. How would I set it up for mail?
 
If the host name is vps200001.vps.ovh.com then the SSL certificate that you create in Tools & Settings > Security > SSL/TLS Certificates is made out for vps200001.vps.ovh.com and the mail server name that the customer uses is vps200001.vps.ovh.com.
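
The name check behind the "wrong certificate name" error, as an added example that is not part of the original thread. The certificate dictionaries are constructed samples in the shape Python's `getpeercert()` returns; the wildcard case goes beyond what the thread discusses, and `fetch_cert` is a hypothetical helper for inspecting a live IMAPS port.

```python
import socket
import ssl

def dns_sans(cert):
    """DNS names from a cert dict in the shape ssl.SSLSocket.getpeercert() returns."""
    return [v.lower().rstrip(".") for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125-style match: '*' only as the whole leftmost label, covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covered(cert, host):
    """True if a mail client configured with `host` would accept the certificate's name."""
    return any(name_matches(san, host) for san in dns_sans(cert))

def fetch_cert(host, port=993, server_name=None):
    """Hypothetical live helper (not called below): certificate presented on an
    implicit-TLS port. Chain validation stays on; only the name check is disabled
    so a certificate with a mismatching name can still be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name or host) as tls:
            return tls.getpeercert()

# Constructed sample: certificate made out to the server host name from the thread.
HOST_CERT = {"subjectAltName": (("DNS", "vps200001.vps.ovh.com"),)}
# Constructed sample: a wildcard certificate, to show the one-label rule.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.customerdomain.tld"),)}

def report(cert, hosts):
    """Map each server name a client might be configured with to pass/fail."""
    return {h: covered(cert, h) for h in hosts}

if __name__ == "__main__":
    names = ["vps200001.vps.ovh.com", "mail.customerdomain.tld"]
    for host, ok in report(HOST_CERT, names).items():
        print(f"{host}: {'OK' if ok else 'wrong certificate name'}")
```
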
 
So I would set up both IMAP and SMTP as: vps200001.vps.ovh.com?

If so, would I not be getting hit by bots a lot by not using a random subdomain for mail?
 
Yes, IMAP and SMTP vps200001.vps.ovh.com

The host will be hit by bots a lot anyway. That's what you need Fail2Ban for. Activate the mail jails to block brute force attacks on the mail service.
 