• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Certificate not assigned to mailserver (mail.) over ipv6

Lexz

Lexz

Basic Pleskian
Username: Lexz

TITLE

Certificate not assigned to mailserver (mail.) over ipv6

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian on Centos7

PROBLEM DESCRIPTION

Good afternoon,

We are experiencing a big issue on all our servers.
Customers who are using mail.<domainname>.com as there mailserver don't have a valid certificate on ipv6 in their mailclients (port 993 / 465).

We use the Plesk DNS with wildcard certificates from Lets Encrypt.
On ipv4 everything seems to work fine.

Hope someone can help us with this issue.
Thank you in advance.

STEPS TO REPRODUCE

Sign a domain with a Let's Encrypt wildcard domain and assign the certificate to the mailserver of the client.

ACTUAL RESULT

On Validation of the certificate on mail.<domain>.com with port 993 / 465 over ipv6, the server returns the certificate of the serverhostname instead of the wildcard. It seems to work over ipv4.

EXPECTED RESULT

The wildcard domain should be assigned to the mailserver mail.<domain>.com over ipv4 and ipv6

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
hello @Lexz,

Thank you for your report. Unfortunately i couldn't reproduce issue on test server.
I created domain assigned on IPv6 address only. Then i issued a wildcard Let's Encrypt certificate and assigned it to mail domain.mailwild.png

Next i checked certificate using two variants:
- script
PHP: 
<?php
        $stream = stream_context_create([
            "ssl" => [
                "verify_peer" => false,
                "verify_peer_name" => false,
                "capture_peer_cert" => true,
            ],
        ]);
        $timeout = 30.0;
        $idnAddress = "your-domain-name";
        $port = 993;
        $protocol = 'ssl';
        $socketAddress = "{$protocol}://{$idnAddress}:{$port}";
        $client = @stream_socket_client($socketAddress, $errNo, $errStr, $timeout, STREAM_CLIENT_CONNECT, $stream);
        if ($client === false) {
            throw new \Atf_Exception("Failed to open '{$socketAddress}': {$errStr}", $errNo);
        }
        $cont = stream_context_get_params($client);
        $certInfo = openssl_x509_parse($cont["options"]["ssl"]["peer_certificate"]);
        var_dump($certInfo);

- console command
Bash: 
echo | openssl s_client -showcerts -servername testdomain.tld -connect testdomain.tld:993 2>/dev/null | openssl x509 -inform pem -noout -text

Seems like you should contact with our support team Plesk Help Center to investigate this issue more detailed.
 
Last edited:
You must log in or register to reply here.

Similar threads

Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2 3
Replies
48
Views
10K
gsk
gsk
C
Question How can I secure my Mail with Letsencrypt next to Cloudflares Origin Certificate in Plesk?
Replies
1
Views
126
Kaspar
K
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
656
defcon8
defcon8
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
840
mow
M
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
2K
Daiv
D
Back
Top