I'd like to add what I did to this thread because I've been looking myself for a solution using Let's Encrypt and Plesk, and this thread pops up first. Basically, since it's becoming a bit confusing reading all the posts from the start to here, I'd like to clarify my process.
If you're using Postfix as mail server you're definitely not able to use SNI or multiple certificates since it doesn't support either. Therefore you have to issue a single certificate which contains multiple domains, also known as a SAN certificate.
SAN certificates are supported by Let's Encrypt for up to 100 domains.
As a test case I tried it on my server using Debian 8.
The steps I followed:
1. Install the certbot utility from jessie-backports.
2. Create the following subdomains on Plesk: "mail.domain1.com" and "mail.domain2.com".
3. Then, using certbot (assuming you use default paths for webroot folders):
Code:
certbot certonly --email "[email protected]" --webroot -w /var/www/vhosts/domain1.com/mail.domain1.com -d mail.domain1.com \
-w /var/www/vhosts/domain2.com/mail.domain2.com -d mail.domain2.com
This will create certificates in the /etc/letsencrypt/live/mail.domain1.com folder.
The certificates here are self-explanatory, but they're valid for both domains, mail.domain1.com and mail.domain2.com.
4. Using Plesk you can go to Tools & Settings -> SSL/TLS Certificates -> Add -> Upload certificate from text and copy-paste the certificates accordingly.
5. Set this certificate as mail server certificate.
Connect via email client and it works without any nags.
The catch is that this is not automated and you need to create a subdomain for each mail.domain.com record you need. I'm currently in the process of searching for a way to redirect all requests for mail.* from nginx or apache to the default server domain via a rule so I can avoid the creation altogether, as Let's Encrypt only needs the path declared as webroot to be accessible via the internet to verify the challenge.
Of course, since it's not integrated with Plesk, you need to renew manually and update whenever you add a domain, so it's not suited for automated hosting providers.
I'd appreciate any ideas on how to make the redirection.
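Added example, not part of the original post: because the certificate above is renewed and uploaded by hand, a pre-upload check can confirm that it names every mail hostname clients connect to and is not close to expiry. The function names and the `SAMPLE` text are assumptions made for illustration; `cert.pem` is the leaf certificate certbot writes into the live folder.

```sh
# Added example (not from the original post): pre-upload check for the SAN certificate.
# Function names are illustrative; SAMPLE is constructed.

# Parse `openssl x509 -text` output on stdin; print DNS SANs, one per line, lowercased.
parse_sans() {
    grep -A1 'X509v3 Subject Alternative Name' \
        | tail -n 1 \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p' \
        | tr '[:upper:]' '[:lower:]'
}

# Print the DNS SANs of a PEM certificate file.
cert_sans() { openssl x509 -in "$1" -noout -text | parse_sans; }

# Print every expected hostname that is absent from the SAN list.
# $1 = newline-separated SAN list, remaining args = hostnames mail clients use.
missing_names() {
    sans=$1; shift
    for name in "$@"; do
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$sans" | grep -qxF -- "$lname" || printf '%s\n' "$name"
    done
}

# check_cert CERT DAYS NAME...: returns 0 only if every NAME is in the SAN list
# and the certificate remains valid for at least DAYS more days.
check_cert() {
    cert=$1; days=$2; shift 2
    missing=$(missing_names "$(cert_sans "$cert")" "$@")
    if [ -n "$missing" ]; then
        echo "not covered by $cert:" $missing >&2
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "$cert expires within $days days; renew and re-upload" >&2
        return 2
    fi
}

# Constructed sample of the relevant lines of `openssl x509 -text` output.
SAMPLE='            X509v3 Subject Alternative Name: 
                DNS:mail.domain1.com, DNS:mail.domain2.com'
missing_names "$(printf '%s\n' "$SAMPLE" | parse_sans)" mail.domain1.com mail.domain3.com
# On the server: check_cert /etc/letsencrypt/live/mail.domain1.com/cert.pem 30 \
#     mail.domain1.com mail.domain2.com
```

A non-zero return from `check_cert` means the certificate should not be set as the mail server certificate yet: either a hostname was left out of the `-d` list or the manual renewal is due.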