futureweb
Regular Pleskian
- Server operating system version
- AlmaLinux release 8.9 (Midnight Oncilla)
- Plesk version and microupdate number
- Plesk Obsidian Version 18.0.59 Update #2
Hello,
we are experiencing the following issue with our Mail Only Hostings on Plesk. "dom.tld"/"www.dom.tld" point to a different server, "mail.dom.tld" points to Plesk.
Email addresses are set up under dom.tld - for example: [email protected].
In order to obtain an SSL certificate for the mail services, the sub-domain mail.dom.tld is set up, the Let’s Encrypt certificate is ordered via SSL it!, and then manually assigned to the mail services of the main domain dom.tld.
So, the mail services of dom.tld run with the mail.dom.tld certificate.
Now, with dozens of these configurations, there is an issue where sometimes the end devices do not accept the certificate after a renewal of the SSL cert and throw a certificate error.
At the moment, this can only be resolved by removing the certificate from dom.tld. Reissuing the mail.dom.tld cert, and then reassigning it to the mail services of dom.tld. (For whatever reason?!?)
However, this whole process involves significant manual work that we would like to avoid...
Is there any way to perform this workflow via CLI or API? I haven't found a way to remove and renew the certificate from the mail services using "plesk ext sslit" or "plesk bin certificate". I can only manage the reassignment with these commands?
Maybe someone has an idea regarding this?
Thank you very much,
Regards from Austria
Andreas
we are experiencing the following issue with our Mail Only Hostings on Plesk. "dom.tld"/"www.dom.tld" point to a different server, "mail.dom.tld" points to Plesk.
Email addresses are set up under dom.tld - for example: [email protected].
In order to obtain an SSL certificate for the mail services, the sub-domain mail.dom.tld is set up, the Let’s Encrypt certificate is ordered via SSL it!, and then manually assigned to the mail services of the main domain dom.tld.
So, the mail services of dom.tld run with the mail.dom.tld certificate.
Now, with dozens of these configurations, there is an issue where sometimes the end devices do not accept the certificate after a renewal of the SSL cert and throw a certificate error.
At the moment, this can only be resolved by removing the certificate from dom.tld. Reissuing the mail.dom.tld cert, and then reassigning it to the mail services of dom.tld. (For whatever reason?!?)
However, this whole process involves significant manual work that we would like to avoid...
Is there any way to perform this workflow via CLI or API? I haven't found a way to remove and renew the certificate from the mail services using "plesk ext sslit" or "plesk bin certificate". I can only manage the reassignment with these commands?
Maybe someone has an idea regarding this?
Thank you very much,
Regards from Austria
Andreas