Question How can I secure my Mail with Letsencrypt next to Cloudflare's Origin Certificate in Plesk?

cpulove

New Pleskian
Server operating system version
Debian 12 latest
Plesk version and microupdate number
latest
I finally was able now to install an Origin Certificate on my Plesk Server.


My question now, how can I use Letsencrypt to secure my E-Mail, next to Cloudflare's origin.

Cloudflare Certificate Secures the host itself, so: hostname.xy and the wildcard *.hostname.xy
In Plesk I set up SSL the same way: hostname.xy + wildcard *.hostname.xy + webmail.hostname.xy to secure everything from serverside to Cloudflare.
All DNS entries which are proxied use the Cloudflare Certificate.

But how about my mail domain A_Record? mail.hostname.xy

If set up, this should create an error, as this DNS entry will not be proxied and therefore show an SSL error?

What is best practice to use both (cloudflare for all http traffic) and Letsencrypt side by side?
Is a valid solution to create a subdomain mail.hostename.xy and secure this exclusively via Hosting > SSL/TLS dropdown menu with the Letsencrypt Certificate from the main domain setup which also secures POP3, IMAP and SMTP?

Here is an article with an open question at the end of the comments?


If someone could help here, would be awesome!
 
That's a scenario that isn't fully supported by Plesk (yet). What you can do instead is use the server host name for secured POP, IMAP and SMTP connections. The server host name is secured for mail traffic too.
 
Thanks for the reply. I know that your way works, but unfortunately I have a lot of customers on my server and they manage their own domains. I cannot force them to use other hostname settings, rather than their own domain name.

So far it seems to work on a test domain and an extra subdomain > mail.hostename.xy with the Letsencrypt Certificate from the main domain hostename.xy. Not sure how this will go through the autorenewing process of Letsencrypt when the Certificate expires.
Are there any future plans to update these features, esp. support for other services such as Cloudflare? I also see that the separate users cannot choose their own Cloudflare API tokens, which is pretty annoying so far.
 
Thanks for the reply. I know that your way works, but unfortunately I have a lot of customers on my server and they manage their own domains. I cannot force them to use other hostname settings, rather than their own domain name.
Maybe not force them, but at least (strongly) recommend it. I've been doing this for years without many issues.

So far it seems to work on a test domain and an extra subdomain > mail.hostename.xy with the Letsencrypt Certificate from the main domain hostename.xy. Not sure how this will go through the autorenewing process of Letsencrypt when the Certificate expires.
I've never used this method myself, so I am not completely sure. But if I am not mistaken this causes on (automatic) renewal of the certificate, because the renewed certificate won't be applied to the parent domain. (But I might be wrong on this).

Are there any future plans to update these features, esp. support for other services such as Cloudflare?
Other CDN services you mean? Or DNS services?
 
Maybe not force them, but at least (strongly) recommend it. I've been doing this for years without many issues.


I've never used this method myself, so I am not completely sure. But if I am not mistaken this causes on (automatic) renewal of the certificate, because the renewed certificate won't be applied to the parent domain. (But I might be wrong on this).

I guess, as the mail.hostename.xy subdomain is not proxied over Cloudflare, the renewing should be fine on the Plesk server. But I am not 100% sure either.
There is also a way, to force the _acme-challenge with an NS record for the Domain: NS _acme-challenge hostename.xy which works for letsencrypt and autorenew for all nonproxied records.

Other CDN services you mean? Or DNS services?
I meant, if Plesk updates regarding these SSL features are planned. And there is already a Cloudflare Extension which only supports one general Cloudflare API code, but not different APIs from different Cloudflare users.
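
One way to check the two open points in this thread (whether a non-proxied mail name shows an SSL error to mail clients, and whether renewal is keeping up), added here as an example and not code from any poster or from Plesk. The function names, the 20-day warning threshold, the default port 993 (IMAPS) and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def san_covers(san_names, host):
    """True if host matches a SAN entry; '*' counts only as the whole leftmost label."""
    host = host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in san_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def assess(cert, host, now, warn_days=20):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(); returns a list of problems."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    problems = []
    if not san_covers(sans, host):
        problems.append(f"{host} is not covered by SAN list {sans}")
    if days_left < warn_days:  # assumed threshold, not a Plesk or Let's Encrypt setting
        problems.append(f"expires in {days_left} days; check auto-renewal")
    return problems

def probe(host, port=993, timeout=10):
    """Verified handshake against the public trust store, as a mail client performs it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.getpeercert(), host, datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        # A certificate that chains to a private CA, or names another host, ends up here.
        return [f"certificate rejected: {exc.verify_message}"]

# Constructed sample in getpeercert() shape: a certificate for the domain and its wildcard.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "hostname.xy"), ("DNS", "*.hostname.xy")),
    "notAfter": "Feb 24 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    when = datetime(2024, 11, 26, tzinfo=timezone.utc)
    for name in ("mail.hostname.xy", "a.mail.hostname.xy"):
        print(name, assess(SAMPLE_CERT, name, when) or "ok")
```

Running `probe("mail.hostname.xy")` from a machine outside the server performs the live check; an empty list means the name, trust chain and remaining lifetime all pass.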
 