Resolved Let's Encrypt and IOS problem

[Cordal]

I have a plesk server with the mail server protected by an SSL certificate Let's Encrypt, the problem occurs every time this certificate is automatically renewed, and mail clients that work under the Apple IOS system, the warning appears that the certificate is not reliable, and there is no way to accept it unless you delete the account and configure it again, anyone knows a solution for this?

 

[Brujo]

you might check this Plesk knowledgebase entry Mail users with iOS and MacOS devices cannot access mail after certificate renewal on Plesk server: Cannot Verify Server Identity
Securing Plesk and the Mail Server With SSL/TLS Certificates
and Plesk Onyx + lets encrypt + iphone (lack of trust button)

 

[Bitpalast]

anyone knows a solution for this?

The first Plesk faq article mentioned is indeed the best solution there is, I'll mark the thread as "solved". We, too, have very many customers who suffer from this iOS bug. It is so annoying for the users, but it's clearly an iOS issue.

 

[Cordal]

Thanks for the answers, this problem is really annoying.

 

[Bobbbb]

Hello. The referenced Plesk article now gives a "not authorized" message. Please restore access to the article, and/or provide an update, if something has changed that affects this issue. Our 2 year certificate is coming up for renewal and I wanted to review the article before notifying Apple users that they will have to recreate their mail accounts on iOS, when the certificate is renewed, due to this issue.

 

[Bitpalast]

Let's Encrypt certificates have a 3-month-renewal period. If your certificate is 2 years old, it cannot be a Let's Encrypt certificate.

 

[Bobbbb]

The issue described here relates to any certificate renewal, not just Let's Encrypt.

 

[dietcheese]

Does anyone have the resolution to this issue? The Plesk help page on it is gone.

 

[edmundo]

This link is no longer valid, would it have another KB related?

Mail users with iOS and MacOS devices cannot access mail after certificate renewal on Plesk server: Cannot Verify Server Identity

Applicable to: Plesk for Linux Symptoms Let's Encrypt SSL certificate securing mail has been renewed on the Plesk server. Mail server name is specified correctly in settings of mail client (i...

support.plesk.com

 

[Bobbbb]

The first Plesk faq article mentioned is indeed the best solution there is, I'll mark the thread as "solved". We, too, have very many customers who suffer from this iOS bug. It is so annoying for the users, but it's clearly an iOS issue.

Please consider removing the "resolved" flag on this thread, since the Plesk article that "resolved" this issue is no longer available.

 

[Bitpalast]

The article did not provide a solution, because it is an iOS bug on some Apple devices. It is related to their SSL root certificates and that some of the devices and OS interpret a simple prolongation of an existing SSL certificate as a "new" certificate, so that the keys that the device or the OS stores are broken.

 

[DaarGaJeDan]

is this bug still a thing?

 

[Bitpalast]

Yes it is. Recently a customer told me that indeed their Apple devices still have no "accept" button for new certificates.