• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue DKIM public key longer than 255 chars

I

Ingesi

New Pleskian
Server operating system version
Ubuntu 22.04.3 LTS
Plesk version and microupdate number
18.0.57 Update #5
Hi all

I've migrated a domain from a server (Ubuntu 22.04.3 LTS) with Plesk Obsidian 18.0.57 to a new server (Ubuntu 22.04.3 LTS) with the same version of Plesk Obsidian 18.0.57
On the old server plesk was creating DKIM keys with default length (2048); the DKIM public key was long about 200 chars and all it was working good
On the new server with the same key length (2048) the generated record with the public key is long about 400 chars; when I try to copy the key on the DNS zone editor provided by the domain name maintainer the key is truncated at 255 chars, and this is normal because DNS records should be shorter then 255 chars
I tried to modify the DKIM key length in the panel.ini to 1024, then I've disabled andre-enabled DKIM for the domain to generate new keys, but the public keys was always longer than 255 chars
How can I have plesk generating shorter keys as in the old server?
If you need more details please let me know
Kind regards
Alessandro Barisone
 
2048 bit keys cannot be stored in a single DNS record. Instead a second record must be used. Have you checked whether a second record exists in your DNS?
 
The control panel of the maintainer (OVH) allows to paste keys longer than 255 chars; but when I do a nslookup I got the entire key with a space after the 255 char. If you want to check, try nslookup -q=txt default._domainkey.ingesi.it
I opened a ticket and they replied that domain records should be shorter than 255 chars and they can't handle an out of standard record
How can I split correctly they key in two different records?
Anyway, I'm 100% sure that on the previous server I'm using 2048 bit keys and the keys are shorter than 255 chars
If you want you can do nslookup -q=txt default._domainkey.ingesi.it server7.ingesi.it , Bind on Plesk replies with a key shorter, while in panel.ini the key length is set to the defaut value
Thank you
Kind regards
Alessandro Barisone
 
Ingesi said:
Anyway, I'm 100% sure that on the previous server I'm using 2048 bit keys and the keys are shorter than 255 chars
Click to expand...
The 2048 bit keys may never have been active. For example if you only changed the configuration but did not recreate keys, the existing keys would not have been changed.
 
You must log in or register to reply here.

Similar threads

J
Issue Need advice on upgrading Plesk Obsidian Version 18.0.44 to latest version to have DKIM 2048 key length
Replies
7
Views
341
AgustinLorenzo
A
C
Resolved DKIM is valid but signature fails
Replies
6
Views
2K
cmartinez127
C
H
Issue DKIM TXT records missing.
Replies
1
Views
727
Hezola
H
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
2K
Alex Presland
Alex Presland
P
Outgoing email messages not DKIM signed when enabled for a domain and in server settings
2
Replies
20
Views
5K
enerspace
enerspace
Back
Top