
Forwarded to devs Certificate not assigned to mailserver (mail.) over ipv6

Lexz

Basic Pleskian
Username: Lexz

TITLE

Certificate not assigned to mailserver (mail.) over ipv6

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian on CentOS 7

PROBLEM DESCRIPTION

Good afternoon,

We are experiencing a big issue on all our servers.
Customers who are using mail.<domainname>.com as their mail server don't have a valid certificate on IPv6 in their mail clients (port 993 / 465).

We use the Plesk DNS with wildcard certificates from Let's Encrypt.
On ipv4 everything seems to work fine.

Hope someone can help us with this issue.
Thank you in advance.

STEPS TO REPRODUCE

Sign a domain with a Let's Encrypt wildcard domain and assign the certificate to the mailserver of the client.

ACTUAL RESULT

On Validation of the certificate on mail.<domain>.com with port 993 / 465 over ipv6, the server returns the certificate of the serverhostname instead of the wildcard. It seems to work over ipv4.

EXPECTED RESULT

The wildcard domain should be assigned to the mailserver mail.<domain>.com over ipv4 and ipv6

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Hello @Lexz,

Thank you for your report. Unfortunately I couldn't reproduce the issue on a test server.
I created a domain assigned to an IPv6 address only. Then I issued a wildcard Let's Encrypt certificate and assigned it to the mail domain.
[mailwild.png]

Next I checked the certificate using two variants:
- script
PHP:
<?php
// Connect to the mail service over implicit TLS and dump the certificate it presents.
// Peer verification is off so the certificate is captured even when it does not match the name.
$stream = stream_context_create([
    "ssl" => [
        "verify_peer" => false,
        "verify_peer_name" => false,
        "capture_peer_cert" => true,
    ],
]);
$timeout = 30.0;
$idnAddress = "your-domain-name";
$port = 993;
$protocol = 'ssl';
$socketAddress = "{$protocol}://{$idnAddress}:{$port}";
$client = @stream_socket_client($socketAddress, $errNo, $errStr, $timeout, STREAM_CLIENT_CONNECT, $stream);
if ($client === false) {
    throw new \RuntimeException("Failed to open '{$socketAddress}': {$errStr}", $errNo);
}
// Read the captured peer certificate back from the stream's context options.
$cont = stream_context_get_params($client);
$certInfo = openssl_x509_parse($cont["options"]["ssl"]["peer_certificate"]);
var_dump($certInfo);

- console command
Bash:
echo | openssl s_client -showcerts -servername testdomain.tld -connect testdomain.tld:993 2>/dev/null | openssl x509 -inform pem -noout -text

It seems you should contact our support team at the Plesk Help Center to investigate this issue in more detail.
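An added example, not part of either post and not Plesk code: a check for the symptom reported in this thread that pins each connection to one address family, records the certificate presented with SNI set to the mail hostname, and validates it the way a mail client would. The function names, the finding strings and the `SAMPLE` values are constructed for illustration; it assumes implicit TLS (993 / 465) and that the host has both A and AAAA records.

```python
import hashlib
import socket
import ssl

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def _handshake(ctx, host, addr, family, timeout):
    """Implicit-TLS handshake with SNI=host; returns the leaf certificate (DER)."""
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(timeout)
        raw.connect(addr)
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def probe(host, port, family, timeout=10.0):
    """Return (sha256_of_leaf_cert, validation_error_or_None) for one family."""
    addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
    loose = ssl.create_default_context()   # capture whatever is presented
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    fp = hashlib.sha256(_handshake(loose, host, addr, family, timeout)).hexdigest()
    try:                                   # validate the way a mail client would
        _handshake(ssl.create_default_context(), host, addr, family, timeout)
        return fp, None
    except ssl.SSLCertVerificationError as exc:
        return fp, exc.verify_message

def compare(results):
    """results: {family: (fingerprint, error)} -> list of human-readable findings."""
    findings = [f"{fam}: certificate rejected ({err})"
                for fam, (fp, err) in results.items() if err]
    if len({fp for fp, _ in results.values()}) > 1:
        findings.append("address families present different certificates")
    return findings

def check(host, port=993):
    """Probe both families (needs network access) and compare the results."""
    return compare({n: probe(host, port, f) for n, f in FAMILIES.items()})

# Constructed sample mirroring the report: IPv4 is fine, IPv6 serves another cert.
SAMPLE = {
    "IPv4": ("a1" * 32, None),
    "IPv6": ("b2" * 32, "Hostname mismatch, certificate is not valid for 'mail.example.com'."),
}

if __name__ == "__main__":
    for line in compare(SAMPLE):
        print(line)
```

Against a live server, call `check("mail.<domain>.com", 993)` and again with port 465; an empty list means both families present the same certificate and it validates for the name.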
 