Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Resolved How to secure mail of domain with Lets Encrypt
- Thread starter Giorgos Kontopoulos
- Start date
-
- Tags
- lets encrypt mail onyx plesk ssl/tls
sergiomb
Basic Pleskian
sergiomb
Basic Pleskian
I also meant if we have anyway to test an beta version of next "Plesk Let's Encrypt Extension" ?
hugosnel
Basic Pleskian
Hello , used #57
added dns recoreds
stoped dovecot
plesk bin extension --exec letsencrypt cli.php --cert-name atelea.fr -d atelea.fr -d www.atelea.fr -d webmail.atelea.fr -d mail.atelea.fr -d smtp.atelea.fr -d pop3.atelea.fr -d imap.atelea.fr -d imap.atelea.fr --email [email protected] --expand
[2017-05-09 09:39:09] ERR [extension/letsencrypt] Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Install certificate failure: Unable to set certificate name :
Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Install certificate failure: Unable to set certificate name :
exit status 1
added dns recoreds
stoped dovecot
plesk bin extension --exec letsencrypt cli.php --cert-name atelea.fr -d atelea.fr -d www.atelea.fr -d webmail.atelea.fr -d mail.atelea.fr -d smtp.atelea.fr -d pop3.atelea.fr -d imap.atelea.fr -d imap.atelea.fr --email [email protected] --expand
[2017-05-09 09:39:09] ERR [extension/letsencrypt] Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Install certificate failure: Unable to set certificate name :
Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Install certificate failure: Unable to set certificate name :
exit status 1
onycro
Basic Pleskian
A step by step solution is provided on Page #3, Post #57.
But even though I had to make some changes:
- mistake at the cli ("-d imap.YOUR-DOMAIN.com -d imap.YOUR-DOMAIN.com") - double certificate param for imap subdomain is not necessary or might be wrong
- I had to stop the webmail service for the whole server (haven't been able to stop it at the website config page)
But even though I had to make some changes:
- mistake at the cli ("-d imap.YOUR-DOMAIN.com -d imap.YOUR-DOMAIN.com") - double certificate param for imap subdomain is not necessary or might be wrong
- I had to stop the webmail service for the whole server (haven't been able to stop it at the website config page)
U
UFHH01
Guest
Hi HHawk,
funny that you just posted, even that a NEW version is available:
We might not be "at the end of the road" for all wishes, but as you can see, constant improvements are done!
funny that you just posted, even that a NEW version is available:
We might not be "at the end of the road" for all wishes, but as you can see, constant improvements are done!
T
timscha
Guest
I tried the updated extension, but got an error message for all my domains:
Fehler: Fehler bei der Installation des SSL-Zertifikats von Let's Encrypt: Could not obtain directory: Invalid response: <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>
An error occurred while processing your request.<p>
Reference&#32;&#35;97&#46;57f01202&#46;1495184638&#46;22b42af3
</BODY></HTML>
.
Status: 504.
Edit: An colleague has the same problem on a different server. My server is running with Debian, the other one with CentOS.
Edit: Let's Encrypt status update: Let's Encrypt Status
Fehler: Fehler bei der Installation des SSL-Zertifikats von Let's Encrypt: Could not obtain directory: Invalid response: <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>
An error occurred while processing your request.<p>
Reference&#32;&#35;97&#46;57f01202&#46;1495184638&#46;22b42af3
</BODY></HTML>
.
Status: 504.
Edit: An colleague has the same problem on a different server. My server is running with Debian, the other one with CentOS.
Edit: Let's Encrypt status update: Let's Encrypt Status
Last edited by a moderator:
U
UFHH01
Guest
Hi timscha,
there are things which Plesk can control, and things, which are impossible for Plesk to control. If the Let's Encrypt service itself throws out errors/issues/problems, there is absolutely no way to "fix" that with Plesk or manually on your server... you have to be patient, untill they solve THEIR issues and repeat your steps afterwards.
there are things which Plesk can control, and things, which are impossible for Plesk to control. If the Let's Encrypt service itself throws out errors/issues/problems, there is absolutely no way to "fix" that with Plesk or manually on your server... you have to be patient, untill they solve THEIR issues and repeat your steps afterwards.
ssaki
New Pleskian
We might not be "at the end of the road" for all wishes, but as you can see, constant improvements are done!
Thanks for solving this!
One more thing is still missing tough - enabling the "Permanent SEO-safe 301 redirect from HTTP to HTTPS" option has no effect on the webmail.example.com subdomain and it seems that there is no equivalent option (e.g. in "Mail settings").
I'd personally be happy if this just gets enforced upon installing a certificate, but perhaps having an option in mail setting will be more appropriate with respect to the entire user base.
Cheers
Last edited:
You're right about the timing.... But...
The update failed as ALL updates to the component LetsEncrypt failed in the past on ALL of my Plesk servers.
I can remove the component LetsEncrypt and re-install it, but it is not that elegant...
It also feels risky as I don't know beforehand that I will be able to install it again after removing it.
If I'm not able to install the LetsEncrypt component after removing it this becomes a very serious problem!!!!
Please recognize this dillemma Plesk is posing their customers!!!
This should not be treated as a minor anomaly.
The bug is known by Plesk and I've seen others on this forum mentioning it as well.
No software is bug free and this kind of stuff is not easy to make, but this behaviour has been there from the beginning and upgrade after upgrade it's the same (even on fresh installs).
I also would like to have an optional automatic redirect from http to https so it's not necessary to inform all clients of this great upgrade.....
Last edited:
sergiomb
Basic Pleskian
TLDR , is the risk of earlier access ... ,
U
UFHH01
Guest
Hi mr-wolf,
In addition, I can't see any reason at all, why a thread with the title "How to secure mail of domain with Lets Encrypt" should be used for complete different ( possible ) issues and I don't feel very comfortable to discuss/reply to your... let me call it: "complaints" / If you desire to give a feedback to Plesk and it's employees, pls. open a thread at for example: => Home > Forum > Plesk Discussion > Plesk Suggestions and Feedback
I will leave this single answer to you, as it is without further comments.
Another addition: Pls. feel free to submit feature requests at => Feature Suggestions: Top (1474 ideas) – Your Ideas for Plesk , describing your needs and wishes ( ... and pls. keep in mind to explain as well the buisiness case, as this is standart for Plesk feature requests ), because this thread is definetely the wrong place for such requests.
If ( for wathever reason, you experience issues / errors/ problems with the Plesk Let's Encrypt version, pls. consider to open a decent bug - report at "Home > Forum > Plesk Discussion > Reports", if you can't find any solution with the help of the Plesk Community and it's users.
In addition, I can't see any reason at all, why a thread with the title "How to secure mail of domain with Lets Encrypt" should be used for complete different ( possible ) issues and I don't feel very comfortable to discuss/reply to your... let me call it: "complaints" / If you desire to give a feedback to Plesk and it's employees, pls. open a thread at for example: => Home > Forum > Plesk Discussion > Plesk Suggestions and Feedback
I will leave this single answer to you, as it is without further comments.
Another addition: Pls. feel free to submit feature requests at => Feature Suggestions: Top (1474 ideas) – Your Ideas for Plesk , describing your needs and wishes ( ... and pls. keep in mind to explain as well the buisiness case, as this is standart for Plesk feature requests ), because this thread is definetely the wrong place for such requests.
U
UFHH01
Guest
Hi ssaki,
pls. feel free to submit feature requests at => Feature Suggestions: Top (1474 ideas) – Your Ideas for Plesk , describing your needs and wishes ( ... and pls. keep in mind to explain as well the buisiness case, as this is standart for Plesk feature requests ), as this thread here depends on "How to secure mail of domain with Lets Encrypt" and it's investigations/suggestions to solve them ( in the past - before the latest updates/upgrades/patches for this Plesk Let's Encrypt Extension.
pls. feel free to submit feature requests at => Feature Suggestions: Top (1474 ideas) – Your Ideas for Plesk , describing your needs and wishes ( ... and pls. keep in mind to explain as well the buisiness case, as this is standart for Plesk feature requests ), as this thread here depends on "How to secure mail of domain with Lets Encrypt" and it's investigations/suggestions to solve them ( in the past - before the latest updates/upgrades/patches for this Plesk Let's Encrypt Extension.
Hi Giorgos Kontopoulos,
you could use the not documented command:
Code:plesk bin extension --exec letsencrypt cli.php -d YOUR-DOMAIN.COM -d www.YOUR-DOMAIN.COM -d webmail.YOUR-DOMAIN.COM -d mail.YOUR-DOMAIN.COM -d smtp.YOUR-DOMAIN.COM -d pop3.YOUR-DOMAIN.COM -d imap.YOUR-DOMAIN.COM -d lists.YOUR-DOMAIN.COM --email [email protected] --expand
As you can see, I included all possible subdomains, which are "normally" not setup over the Plesk Control Panel, such as "webmail.", "mail.", "smtp.", "pop3.", "imap." and "lists.". Pls. keep in mind, that there is a maximum of 100 Let's Encrypt SAN - certificate - names.
The "--expand" option at the end should be used, if there has been a previous certificate creation, which you are now able to EXPAND with the additional (sub)domain - names - if you didn't create a previous certificate for the domain, pls. leave out this option.
If you experience issues with the suggestion, pls. consider to include the Let's Encrypt - log and the output from your command line, after you used the command for further investigations.
If I created a domain alias called mail.yourdomain.tld and then created the LE certificate. Then deleted the alias and re-added the mail "A" record to yourdomain.tld. Will LE continue to renew the domain? Thank you for your time...
Hi HHawk,
funny that you just posted, even that a NEW version is available:
We might not be "at the end of the road" for all wishes, but as you can see, constant improvements are done!
Webmail is the same as normal email? As in mail.domain.com.
I don't use webmail, but I do use my mailservers. Thought this was going to be released as well?
Because currently it's a pain to use Let's Encrypt with mail-servers (as in mail.domain.com) especially with renewing.
With DirectAdmin this was already possible from almost the first day.
I am really considering moving my (personal) domains to a DirectAdmin server, just because of this feauture....
You're asking for troubles when going to that path to put LetsEncrypt on your mail.
Multiple certificates on mail is only supported by some modern mail clients.
Most mail clients don't offer the mailserver the information to offer the correct certificate.
I'm not saying it's not working.... It just won't work for all your clients probably.
A few weeks ago I told someone to really stop using Outlook 2003. I haven't seen Outlook Express for a while though.. (did see a Pegasus).
With relying on LetsEncrypt and all these scripted procedures that could go wrong at the time you most need it, this is even more hazardous... I'm not going down that path.
If you do and get bitten. Do have the courage to come back and told me I was right.
I have a wildcard certificate on my mail services.
Each client has their own hostname to connect.. all matching that wildcard.
Last edited:
Ofcourse a wildcard might be a solution for my own personal domains (about 14 wildcards * $$$), however I cannot force all of our 50k customers to buy a Wildcard as well.
I also cannot force all of those customers to drop their Outlook 20xx versions, just because of this.
The funny thing is, is that this is possible with DirectAdmin in combination with Let's Encrypt. We already moved about 15% of our customers over to DirectAdmin who wanted this, but didn't want to pay for a certificate (I can't blame them). As a result of this we already terminated 22 Plesk licenses. And I can see terminating more, if customers keep having problems... Oh well....
