• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Issue Certificate for securing mail

raykai

raykai

Basic Pleskian
what certificate should i use for securing mail ?
If i use Lets Encrypt certificate from server pool i get certificate errors from email clients.
 
In general, you may want to use the same certificate for the mail server that is used for securing your Plesk panel and tell your customers to use your plesk servers name as mailserver for incoming and outgoing mail. (and not mail.customerdomain.tld)

If you really want to be able to let customers use mail.customerdomain.tld for sending and receiving emails via secure connection, then there is a workaround for doing so.
But it requires additional configuration steps for every domain you or your customers do setup. (and does not scale well, i.e. you are limited to a top max of 100 domains you could handle that way)
 
raykai said:
i get certificate errors from email clients.
Click to expand...
What error is that exactly? Is it a "wrong certificate name" error or similar? In that case use the host domain, not the subsdription domain, to retrieve mail. The name must match what the certificate is securing.
 
wrong certificate name . i have 3 domains that need to be able to send emails from their domain and they are companies. The customers prefer having emails that have the domain name of the company over the plesk domain one.
 
As you only have a single mail server that is addressed by the host name, not a domain name hosted on the machine, your customer must use the mail server name. The SSL certificiate is made out to the single mail server on your machine. It is only a server name, it is not the domain name that shows up as a "sender" in an e-mail's visible part.

Example: If your customer hosted mails on Office 365, he does not have a choice how the mail server is name either. He would get some cryptic name like business01-de.provider.tld without any discussion. It should really not be of any concern to anyone what the host name is, it is simply a technical expression that practically noone sees but tech admins that configure e-mail settings.
 
lets say my plesk is on a VPS domain vps200001.vps.ovh.com i have no access to add subdomains to it how would i set it up for mail ?
 
If the host name is vps200001.vps.ovh.com then the SSL certificate that you create in Tools & Settings > Security > SSL/TLS Certificates is made out for vps200001.vps.ovh.com and the mail server name that the customer uses is vps200001.vps.ovh.com.
 
so i would setup both IMAP and SMTP as : vps200001.vps.ovh.com ?

if so would i not be getting hit by bots a lot by not using a random subdomain for mail ?
 
Yes, IMAP and SMTP vps200001.vps.ovh.com

The host will be hit by bots a lot anyway. That's what you need Fail2Ban for. Activate the mail jails to block brute force attacks on the mail service.
 
You must log in or register to reply here.

Similar threads

C
Resolved Plesk Login for Customers over Subdomain with Certificate.
Replies
2
Views
2K
cpulove
C
kristobal1969
Issue Plesk 18.0.70 and Could not issue/renew Let's Encrypt certificates
Replies
8
Views
964
Adrian_13
A
L
Issue Plesk Mail Only SSL Still Not Functioning Properly
Replies
6
Views
1K
Ladylinux
L
M
Input Implement a generic ACME client for TLS Certificate issuance and automatic renewal
Replies
0
Views
4K
Mattia_98
M
A
Issue Can't reissue LE certificate
Replies
1
Views
738
Martin Dias
Martin Dias
Back
Top