2. Invalid configuration
In some cases, the certificate chain does not contain all the necessary certificates to connect the web server certificate to one of the root certificates in our trust store. Less commonly, one of the certificates in the chain (other than the web server certificate) will have expired, and that invalidates the entire chain.
Morning!I did a test for mail.mydomain.co.nz. For some reason the test queried my VPS...
Same again (as above)This is the actual certificate for mydomain.co.nz (I can tell by the expiry date:
Obviously with sanitized domain names, nobody else can independently replicate what you appear to have tested and / or test / anything else, elsewhere, but it makes sense not to post your own hosted domain names, here on the forum.I take it this was the actual query:
If you're already hosting domains and sites for customers, then you really should already be aware, of exactly how to do this.So... my question is, why is it querying/confusing myvps.co.nz with mydomain.co.nz ???
Where in Plesk do I update this setting? Anybody?
Sometimes yes, it is. However, you've only posted ^ the summary (i.e. suggestion) not the data, that's actually specific to your own server / yourself (rightly so - see previous note about posting your own data in a forum etc) So.... it's extremely difficult for anybody on here, to determine if this applies to you 100% or not.Is the answer in here?
Hi @learning_curve — the test result is fromMorning!
You've not stated where / what / how you've tested here, but, this ^ was covered previously i.e. How you have administered your own config / setup etc
Guessing that this one, might be an excerpt from a full report generated by an ssl check /test site ?
Same again (as above)
Obviously with sanitized domain names, nobody else can independently replicate what you appear to have tested and / or test / anything else, elsewhere, but it makes sense not to post your own hosted domain names, here on the forum.
One thing that was asked earlier, but which, by chance you appear to have now answered, was this question:
Post #12 > "...Just out of interest, is your plesk hosting domain, a different domain than the one that you're now having mail issues with?" (sic)
From what you've posted above, it appears that your server hosting domain is indeed, a different domain than the domain that you're having mail issues with now. That, again, sends you back to how you have administered your own config / setup etc because you've already stated that you have full root access.
You can check the two different SSL Certificates here: SSL Checker and include their correct port numbers e.g. 8443 and 443 and / or any others, that you might have specified / be using, but do remember, that whilst this can and will validate any SSL Certs that you are currently hosting c/w plenty of supporting data, there are many other check sites too, but, perhaps most important of all, is that you won't see there, which SSL cert you've actually 'made default' within Plesk, as you'll need to view that within Plesk - Post #7 above.
Morning!
You've not stated where / what / how you've tested here, but, this ^ was covered previously i.e. How you have administered your own config / setup etc
Guessing that this one, might be an excerpt from a full report generated by an ssl check /test site ?
Same again (as above)
Obviously with sanitized domain names, nobody else can independently replicate what you appear to have tested and / or test / anything else, elsewhere, but it makes sense not to post your own hosted domain names, here on the forum.
One thing that was asked earlier, but which, by chance you appear to have now answered, was this question:
Post #12 > "...Just out of interest, is your plesk hosting domain, a different domain than the one that you're now having mail issues with?" (sic)
From what you've posted above, it appears that your server hosting domain is indeed, a different domain than the domain that you're having mail issues with now. That, again, sends you back to how you have administered your own config / setup etc because you've already stated that you have full root access.
You can check the two different SSL Certificates here: SSL Checker and include their correct port numbers e.g. 8443 and 443 and / or any others, that you might have specified / be using, but do remember, that whilst this can and will validate any SSL Certs that you are currently hosting c/w plenty of supporting data, there are many other check sites too, but, perhaps most important of all, is that you won't see there, which SSL cert you've actually 'made default' within Plesk, as you'll need to view that within Plesk - Post #7 above.
Okay, understood. Are you using your VPS / Plesk / Multi-Domain setup and providing a service for customers? Yes or No?I’ll test SSL and see what I get.
Basically everything is ‘out of the box’ Plesk configuration. VPS certificate has always been there and I assigned separate Let’sEncrypt certificates to sites. Which worked fine. But something apparently broke on my domain (all others are ok) when certificate auto-renewed in May and renewing cert manually didn’t fix things.
You didn't say where? You posted one of my previous messages that was sent after your test results, not before. So as a pure guess, it may have been at Secure Email that we had posted previously, but again, all of these types of tests are dependent on your test input plus your Plesk config / setup.Hi ~ the test result is from
You are here: Home > Projects > SSL Server Test > mail.mydomain.co.nz
SSL Report: mail.mydomain.co.nz (XXX.X.XX.XX)
Assessed on: Sat, 08 Jul 2023 02:06:24 UTC | Hide | Clear cache
Scan Another »
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):
What does this mean?
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:
- The web site does not use SSL, but shares an IP address with some other site that does.
- The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
- The web site uses a content delivery network (CDN) that does not support SSL.
- The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
SSL Report v2.1.10
Doesn't match Common Name or/and SANs
Secure Connection Failed
An error occurred during a connection to server.myvps.co.nz. PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
That is because your mail server name that you are using in your devices does not match the hostname for which you have a mail server certificate.that I no longer have IMAP access.
That is why I suggested:Plesk themselves won’t help me because my copy of Plesk is licensed to my ISP, so I don’t have a licence with them.
If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
Didn't see / get involved that other thread sorry, so can't comment on that. However, at the risk of being blunt, can say that on this thread, we have asked several questions, which for whatever reason, you've simply not answered. The irony of that is, that the person suffering most from that, is yourself.Hi again @Peter Debik . Thanks for the help you have given so far. I opened the second thread because I felt I was closing in on the root cause of a problem that has been a problem for over a month. @learning_curve has made some suggestions I have found useful.
See above comment, then refer back to previous comments / questions re: your own management of Plesk config / setup, plus relevant previous experience etcI have established that of the 10 domains I host in this VPS three domains (my own domain included) are affected by this issue. As unlikely as it may seem, IMAP is detecting a conflict between the certificates assigned by Let’sEncrypt and the certificate assigned to my Plesk VPS. It would seem that I’m able to make an exception to this conflict in POP3 and SMTP connections but not in IMAP. Which is why IMAP refuses connections with the designated mail server account (mail.mydomain.co.nz). IMAP keeps looking at mail.myvps.co.nz and seeing a conflict that I cannot make an exception to.
Again, see previous comments ^ but also, we (just as @Peter Debik has done, a few times now) previously suggested that you raise a Plesk Support Ticket in order to resolve all of your own, current management of Plesk config / setup issues, because from what you've posted / half-posted so far in this thread, Plesk is absolutely NOT the cause or indeed the issue in this case.This problem first occurred on my wife’s email account. When I reset my account (which was working) I believe I lost an exception that he’d been stored, with the result that I no longer have IMAP access.
I guess you feel this is chasing unicorns instead of horses, but this is all I can put things down to. My ISP has said they can’t help me because they have no access to my VPS, and I should go to the Plesk forum. Plesk themselves won’t help me because my copy of Plesk is licensed to my ISP, so I don’t have a licence with them.
Again, see previous comments, then please proceed with raising a Support Ticket, thus avoid any more speculative, time wasting exercises (for yourself - that is).This is all proving to be very frustrating. I’m not a web server guru — this is why I have Plesk on my VPS. I don’t know if the problem is with the SSL certificate of the VPS itself, but each individual site on the VPS has valid credentials.
At this stage all I can think is to see if renewing the credentials for Plesk VPS itself would fix the problem, or if I have to dispense with Plesk-based email totally and find an alternative method.
Great. That ^ is correct.@Peter Debik — you have said in the past that the problem is not Plesk, or Dovecot, but that my security configurations are wrong. I’m not disagreeing with you,
Who did? Unless there's a big misunderstanding, only you have root access to your Plesk / VPS etc & to date, there's only you administratively managing this.but I’m also pointing out that I didn’t specify these settings.
Again, see previous comments...I’m not sure when or how the security certificate for Plesk was generated within Plesk. Problem is IMAP thinks there’s a conflict. And all I want to know is how to reassure IMAP that things are OK
An ironic closing statement Still, please make a final post, once your support ticket and Plesk technical support staff resolve all of your own, current management of Plesk config / setup issues. Based on the content of this thread, to date you'll definitely need to grant the Plesk technical support staff Access to your Plesk / VPS via SSH in order for you to achieve a timely conclusion (you posting all of the details etc in messages within that ticket will take too long).*sigh*
As you use Plesk through your hosting provider, they are your first point of contact for support and general inquiries. They should assist you with technical issues with Plesk or any questions related to Plesk, as they provide you with your Plesk software. Plesk partners are fully trained by Plesk and deliver best-in-the-industry support for Plesk products running on their infrastructure.
If they refuse to assist you or cannot resolve the issue, you can use our free support resources:
1. Visit the Plesk Support self-service resources for most commonly asked questions: https://support.plesk.com/hc/en-us
2. Collaborate with other professionals at Plesk Facebook Community Plesk Online Community | Facebook
3. Tweet to Plesk https://twitter.com/intent/tweet?text=@PleskHelps
Please let us know in case of any questions we will be glad to assist.
Over the past month I have spent extended periods of time with my Hosting Provider. Today I actually got them to agree about the cause of the problem (individual SSL certificates for hosted sites are conflicting with the SSL certificate for the VPS), but they don't know how to fix it.
I have had discussions on the Plesk forum and they are telling me that the problem is the way I've administered my server and set up my SSL certificates (I'm using Plesk 'out of the box' and am not attempting anything fancy here). People on the forum have been helpful, but in the end they keep telling me that I AM THE PROBLEM.
I've searched on the Plesk knowledgebase to no avail.
In conclusion I'm totally over this ****. Everything has been working fine for websites and email on this VPS for years, but in May this year the problem started when the SSL Certificate on my domain (mydomain.co.nz) auto-renewed. Today I heard that the same thing happened to another domain that I host on the same VPS. I'm moving my email services from Plesk as I don't believe that the support is there and I need a service that actually works.
I am sorry to hear that your experience with support for Plesk was less than optimal.
In case you are the administrator of your server, you should have access to the licensing (under tools and settings > license information). In that case, even if a license is purchased through a provider there is a way to get support from Plesk directly. Please refer to https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
However, if you do not have administrative access to the server, there is nothing we can help with, unfortunately.
Please let me clarify that Plesk licenses purchased from Plesk reseller’s do not have technical and licensing support available from Plesk teams.
In order to get technical assistance from Plesk technical support team for such Plesk licenses, it would require to purchase Plesk technical support subscription (first month is free), please find the instructions at https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-.
Indeed, to get Plesk Technical subscription, it would require to register in our Support portal, for that a new account should be manually created by the subscription owner at Plesk 360. Please make sure to use the same email address for registration in our Support Portal and purchasing your Technical support subscription.
New account should be manually created because Plesk uses different systems from your Plesk license provider.
FWIW We don't work for Plesk / have no professional and/or other close association with them.~
Great. So despite paying my Plesk Reseller a monthly fee for the service I DON'T have any Technical Support from Plesk themselves unless I purchase a Technical Support Subscription ?!!
No further comments on this ^ "ONE certificate" (sic) belief, other than, it's incorrect. Context and/or lack of, is very relevant in this case.Back to my ISP. They confirm there is a conflict with SSL Certificates for my Plesk VPS and individual site certificates. The can see the error message that verify this. Believing that is could be that Plesk only allows ONE certificate on a server for email, they suggest I use the same SSL certificate to verify ALL domains hosted on this VPS. This doesn't work. They can't really advise more as they don't actually use Plesk email.
As per previous posts... Your errors are not just because you're using Plesk... Plesk technical support staff could / would no doubt resolve all of your own, current management of Plesk config / setup issues that are the actual cause of them, but you've chosen a different option, which you're completely satisfied with.I've had enough. I moved my email services to a new provider and full service has been restored. As I did this, I heard from one of my clients hosted on this server. Her SSL certificate auto-renewed 26th June and she's just discovered she can't send email form her phone. Sounds familiar?
I'm moving her email from Plesk to another provider today.
At the risk of stating the obvious... Regardless of your chosen Hosting Provider, delivering a pre-configured VPS package to you, as per your order to them, a VPS package that was complete with a Plesk licence, but one that offered limited support for Plesk only through them, you, not them, took over configuration, management and maintenance of that VPS package, at root level aka Full accountability & responsibility, for its continuous, successful operation. It's that simple.~ I had numerous conversions with my VPS Hosting Provider (not my ISP) regarding this issue. When you purchase a VPS from them they make it clear they offer limited support as they are unable to access the VPS Configuration and elements themselves. I'm not sure why they say this as they configured Plesk on the VPS in the first place and logically, must have Root User access but there you go...
There's so many ifs / whats / maybes / assumptions / diversions and avoidance statements in there, that it's too discombobulated to follow and or ratify.My VPS Hosting Provider (not my ISP) has never struck this issue as they don't use Plesk for email themselves. In fact I am wondering if they have an issue with SSL certificate configuration as I occasionally need to make exceptions when accessing my VPS and 'trust' the page I am visiting. Presumably my VPS Hosting Provider (not my ISP) is paying Plesk a licence fee. Something in my communications with Plesk made me think that this meant that as a registered user (albeit through a third party) this cover extended to me. Apparently not.
That's entirely your own experience and decision, which you've moved on from, by taking another option that you're confident in using. Maybe a little blunt, but the reliability of Plesk as an e-mail platform, quite possibly supersedes your own levels of pro-active management of your VPS's Plesk configuration & usage. This applies to other Plesk users too, so isn't unique or a failure of any kind, but Plesk ending up as collateral damage due to blame shifting is just plain wrong. Even more so, when despite the reasons for your own Plesk e-mail and/or SSL Certificates config failures being identified several times, they have been ignored.And while I could have paid for a licence from Plesk (free for the first month) I had lost confidence in the reliability of Plesk as an email platform.
Please refer back to "Full accountability & responsibility..." in the opening paragraph.Consider this: everything was working fine, emails over IMAP were being received, emails were being received over POP3 (with an 'exception' granted) and emails were going out over SMTP. Until my personal domain security certificate renewed and then suddenly they weren't. In effect, whatever configuration that was there before worked, SSL certificate renews and then it doesn't. I didn't physically change anything between things working and things not working.
Again, That's entirely your own experience & decision, which you've moved on from, by taking another option that you're confident in using. Many other Plesk users may well have a completely different opinion though (based on all of the posts in this thread and... their own experiences with Plesk / Plesk e-mail / Plesk technical support etc etc ) & there's nothing wrong with that. Not seeking to start or continue arguments with you. It's a closed item now. So let's all move on.Finally the 'random' nature of this event (one device can send but not receive, one can receive but not send, then I get and SSL Certificate not trusted error and all the websites hosted on this VPS go down until server apparently resets). Which is why I no longer 'trust' Plesk for email services.