
Forwarded to devs Certificate not assigned to mailserver (mail.) over ipv6

Lexz

Username: Lexz

TITLE

Certificate not assigned to mailserver (mail.) over ipv6

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian on CentOS 7

PROBLEM DESCRIPTION

Good afternoon,

We are experiencing a big issue on all our servers.
Customers who are using mail.<domainname>.com as their mailserver don't have a valid certificate on ipv6 in their mail clients (port 993 / 465).

We use the Plesk DNS with wildcard certificates from Let's Encrypt.
On ipv4 everything seems to work fine.

Hope someone can help us with this issue.
Thank you in advance.

STEPS TO REPRODUCE

Sign a domain with a Let's Encrypt wildcard domain and assign the certificate to the mailserver of the client.

ACTUAL RESULT

On validation of the certificate on mail.<domain>.com with port 993 / 465 over ipv6, the server returns the certificate of the server hostname instead of the wildcard. It seems to work over ipv4.

EXPECTED RESULT

The wildcard domain should be assigned to the mailserver mail.<domain>.com over ipv4 and ipv6

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Hello @Lexz,

Thank you for your report. Unfortunately, I couldn't reproduce the issue on a test server.
I created a domain assigned to an IPv6 address only. Then I issued a wildcard Let's Encrypt certificate and assigned it to the mail domain.

Next I checked the certificate using two variants:
- script
PHP:
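<?php
// Capture the peer certificate without validating it, so that a wrong
// certificate can still be inspected instead of aborting the handshake.
$stream = stream_context_create([
    "ssl" => [
        "verify_peer" => false,
        "verify_peer_name" => false,
        "capture_peer_cert" => true,
    ],
]);
$timeout = 30.0;
$idnAddress = "your-domain-name"; // mail host name to check
$port = 993;
$protocol = 'ssl';
$socketAddress = "{$protocol}://{$idnAddress}:{$port}";
$client = @stream_socket_client($socketAddress, $errNo, $errStr, $timeout, STREAM_CLIENT_CONNECT, $stream);
if ($client === false) {
    // RuntimeException is used here because \Atf_Exception is not a built-in PHP class.
    throw new \RuntimeException("Failed to open '{$socketAddress}': {$errStr}", $errNo);
}
// The captured certificate is stored in the stream's context options.
$cont = stream_context_get_params($client);
$certInfo = openssl_x509_parse($cont["options"]["ssl"]["peer_certificate"]);
var_dump($certInfo);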

- console command
Bash:
echo | openssl s_client -showcerts -servername testdomain.tld -connect testdomain.tld:993 2>/dev/null | openssl x509 -inform pem -noout -text

Seems like you should contact our support team, Plesk Help Center, to investigate this issue in more detail.
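
An added example, not part of the original posts and not Plesk code: a Python check that connects to the same mail host over IPv4 and IPv6 separately, sends the host name via SNI, and reports whether the certificate presented on each address family covers that name. The host `mail.example.com` is a placeholder, the function names are made up for this example, and the chain is validated against the system trust store, so an untrusted certificate shows up as an error for that family.

```python
import socket
import ssl

def san_matches(hostname, cert):
    """True if hostname is covered by a DNS subjectAltName (one-label wildcard allowed)."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # "*.example.com" covers exactly one extra left-most label
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def check_family(hostname, port, family, timeout=10.0):
    """Handshake over one address family with SNI; return (address, DNS SANs, matches)."""
    addr = socket.getaddrinfo(hostname, port, family, socket.SOCK_STREAM)[0][4]
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # compare names ourselves so a mismatch is reported, not raised
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(timeout)
        raw.connect(addr)
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return addr[0], sans, san_matches(hostname, cert)

def compare(hostname, port):
    """Run the check over IPv4 and IPv6 and collect a result or an error per family."""
    results = {}
    for label, family in (("ipv4", socket.AF_INET), ("ipv6", socket.AF_INET6)):
        try:
            results[label] = check_family(hostname, port, family)
        except OSError as exc:  # no record for this family, refused, or TLS/chain failure
            results[label] = exc
    return results

if __name__ == "__main__":
    # Placeholder host (assumption); replace with the mail host under test.
    for port in (993, 465):
        for label, result in compare("mail.example.com", port).items():
            print(port, label, result)
```

A result of `False` in the third field for `ipv6` while `ipv4` shows `True` corresponds to the behaviour described in the report.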