Resolved Certificate Outlook

[jonny_alex]

When i use outlook for my Websites Email, i always get the same error telling me my certficate isn't valid.

Then i can still accept or decline it. This error pops up with every start of Outlook.

I use Let's encrypt for my ssl Certificates for the Websites.

What's the most useful solution to use ssl on the mails and get rid of this warning? Installing Certificate didn't work sadly.

I use qmail and dovecot on my server.

 

[Monty]

You must use the FQDN hostname of your Plesk server:
Incoming mail server: your.plesk-hostname.tld
Outgoing mail server: your.plesk-hostname.tld

Also, make sure that this has been done:
* Go to Tools & Settings => SSL/TLS certificates
* Make sure you have a valid Let's Encrypt certificate
* Make sure that certificate is selected at "Certificate for securing mail"

See also:
Resolved - I'm stuck in mail hell. How do I fix server verification issues?

 

[jonny_alex]

You must use the FQDN hostname of your Plesk server:
Incoming mail server: your.plesk-hostname.tld
Outgoing mail server: your.plesk-hostname.tld

Also, make sure that this has been done:
* Go to Tools & Settings => SSL/TLS certificates
* Make sure you have a valid Let's Encrypt certificate
* Make sure that certificate is selected at "Certificate for securing mail"

See also:
Resolved - I'm stuck in mail hell. How do I fix server verification issues?

Is there a way to get the server settings automatically, that my clients don't have to set up everything manually?

Thanks

 

[ChristophRo]

Yes, there is - but with some implications:

• out of the box it only works for POP3 accounts
• IMAP is possible, but only if you a) use Dovecot (and not/never the Courier POP/IMAP daemon) and b) fiddle around with the default namespace config (I can only recommend that for fresh servers)

If this is not a problem, then here is a short manual on how to set up an autodiscover service (for Outlook) on your Plesk server.

1) create a new domain or subdomain and name it autodiscover.yourdomain.tld or something similar. Technically it does not matter, but as it will be visible to the users (see screenshot) when setting up an account, you may wanna use a sane name.


2) setup a LetsEncrypt SSL certificate for this domain and add the following line to the additional directives for HTTP and HTTPS under "Apache & nginx Settings"

AddHandler php-script .xml

3) create a subdirectory autodiscover in the webroot of this domain and place a file called autodiscover.xml with the following content in there. (replace your.plesk-hostname.tld with the name of your Plesk server, i.e. the common name in the SSL certificate for your mail service)

<?php
  $raw = file_get_contents('php://input');
  $matches = array();
  preg_match('/<EMailAddress>(.*)<\/EMailAddress>/', $raw, $matches);
  header('Content-Type: application/xml');
?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
   <Account>
     <AccountType>email</AccountType>
     <Action>settings</Action>
     <Protocol>
       <Type>POP3</Type>
       <Server>your.plesk-hostname.tld</Server>
       <Port>995</Port>
       <DomainRequired>off</DomainRequired>
       <SPA>off</SPA>
       <SSL>on</SSL>
       <AuthRequired>on</AuthRequired>
       <LoginName><?php echo $matches[1]; ?></LoginName>
     </Protocol>
     <Protocol>
     <Type>IMAP</Type>
     <Server>your.plesk-hostname.tld</Server>
       <Port>993</Port>
       <DomainRequired>off</DomainRequired>
       <SPA>off</SPA>
       <SSL>on</SSL>
       <AuthRequired>on</AuthRequired>
       <LoginName><?php echo $matches[1]; ?></LoginName>
     </Protocol>
     <Protocol>
       <Type>SMTP</Type>
       <Server>your.plesk-hostname.tld</Server>
       <Port>587</Port>
       <DomainRequired>off</DomainRequired>
       <SPA>off</SPA>
       <Encryption>tls</Encryption>
       <AuthRequired>on</AuthRequired>
       <LoginName><?php echo $matches[1]; ?></LoginName>
     </Protocol>
   </Account>
  </Response>
</Autodiscover>

4) due to naming disparites in different Outlook versions and case senitivities of most systems, I strongly recommend to also create the following symlinks to the autodiscover directory and autodiscover.xml file

• Autodiscover -> autodiscover
• Autodiscover.xml -> autodiscover.xml
• AutoDiscover.xml -> autodiscover.xml

5) create the following SRV record in the DNS configuration of your domains (or the global DNS template) - adjust the "Target Host" field accordingly to the name you've chosen in step 1



Thats it, now the autodiscover setup of email accounts for that/these domain(s) should work.
If you want to setup IMAP (see the limitations I've written about in the beginning of this post) accounts instead of POP3, just switch the POP3 and IMAP < Protocol > section in the .xml file, Outlook chooses the first one it finds

 

[jonny_alex]

Are there any changes in terms of the new plesk?

I still didn't figure out how to create a certificate that let's any user login to his mail through ssl, is there an easy way to create it and set it as default with let's encrypt??

and then for new users to Login throug f.e. Outlook without typing in all manually?

 

[Ales]

Within the scope of Plesk Onyx, the above advice is correct and I don't expect any new developments.

Are you using Plesk Obsidian now? If you are, perhaps a new thread under the respective forum section would be in order... in any case, Plesk Obsidian supports SNI for mail if Postfix and Dovecot is used. There are still limitations (e.g. only example.com can be used as a mail server name, not mail.example.com) but the basic functionality is there.