Resolved Lets Encrypt Webmail.domain.com

10549923


Yes! I do but still I get SSL error just for webmail
 
Yes, I've noticed this too.

The reason why you receive this SSL error is that Let's Encrypt does NOT issue a wildcard SSL certificate. It only issues a certificate for domain.tld, and you have an option to include www.domain.tld.
 
How to create a Let's Encrypt cert for webmail.domain.tld?

That it is now possible to use a Let's Encrypt cert for webmail is a great feature. But all users must accept the cert in their browsers because it is not a subdomain cert ;-)
It must be possible to create a Let's Encrypt cert for webmail.domain.tld in Plesk!!
 
Hi RaHa,

It must be possible to create a Lets Encrypt cert for webmail.domain.tld in plesk!!
Yes that IS possible. ;)

Unfortunately, there are still some "easy" steps missing in the Plesk Control Panel, but you might consider using the following solution as a work-around:

Pls. note: The following steps assume that you already created a Let's Encrypt certificate for the domain ( either with, or without "www" )
  • Pls. DISABLE webmail - support for the specific domain
    ( HOME > Subscriptions > YOUR-DOMAIN.COM > (tab) Mail > (tab) Mail Settings > (choose the domain and click onto ) Webmail )
  • Pls. CREATE the subdomain "webmail" at YOUR-DOMAIN.COM
  • If you use an external nameserver from your domain registrar, make sure that you now set up an "A" - DNS - entry for "webmail.YOUR-DOMAIN.COM".
  • Use the following command ( as user "root" over SSH ) to EXPAND the existing certificate for YOUR-DOMAIN.COM with the additional domain "webmail.YOUR-DOMAIN.COM"
    Code:
    plesk bin extension --exec letsencrypt cli.php -d YOUR-DOMAIN.COM -d www.YOUR-DOMAIN.COM -d webmail.YOUR-DOMAIN.COM --email [email protected] --expand

    Your existing certificate should have been expanded now.
    If you experience issues/errors/problems here, pls. consider adding the corresponding log - file from "/opt/psa/var/modules/letsencrypt/logs" for further investigations!
  • Now, pls. DELETE the created "webmail" subdomain again over the Plesk Control Panel.
  • Pls. ENABLE the webmail - support for your specific domain again.
Pls. check your current certificates at for example ( pls. change the YOUR-DOMAIN.COM - example - URLs! ):
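
Added example, not part of the original post: a Python check of which hostnames a certificate's subjectAltName list covers, using RFC 6125 style matching. The SAN lists are constructed to mirror the certificate before and after the `--expand` step above; the function names are hypothetical, and `live_sans` needs network access to the server being checked.

```python
"""Added illustration: which hostnames does a certificate's SAN list cover?"""
import socket
import ssl


def san_matches(pattern, hostname):
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard must be the whole left-most label, with two labels after it.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(san_list, hostnames):
    """Hostnames that no SAN entry covers; a browser warns on each of these."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_list)]


def live_sans(hostname, port=443, timeout=5.0):
    """dNSName SANs of the certificate a server presents (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # inspection only: list SANs even on a mismatch
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


# Constructed sample data: SAN lists before and after the --expand step.
WANTED = ["your-domain.com", "www.your-domain.com", "webmail.your-domain.com"]
SANS_BEFORE = ["your-domain.com", "www.your-domain.com"]
SANS_AFTER = SANS_BEFORE + ["webmail.your-domain.com"]

if __name__ == "__main__":
    print("before expand, uncovered:", uncovered(SANS_BEFORE, WANTED))
    print("after expand, uncovered: ", uncovered(SANS_AFTER, WANTED))
    # Against a live server: uncovered(live_sans("webmail.your-domain.com"), WANTED)
```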

 
This is all in the hope that within a few months it gets direct support from Plesk?
Or will it keep maintaining that subdomain after it's gone?

I tried to make a solution using a URL /webmail using nginx.
That solution would not need an extra URL to work as it's based on the original one.
For some reason that didn't work.
Some other fancy stuff I did in nginx worked flawlessly.

I posted this "solution" here and hoped to get some answer that helped me further, but no-one replied.
I still don't know why it is not working. Probably some minor detail.

Question - nginx not doing what I want it to do

If Plesk would natively start implementing the /webmail URL they would circumvent this whole letsencrypt (extra) handling.
 
Hi mr-wolf,

This is all in the hope that within a few months it gets direct support from Plesk?
Or will it keep maintaining that subdomain after it's gone?
Yes, I still think that Plesk will improve the Plesk Let's Encrypt Extension, so that it is less complicated to install a valid Let's Encrypt certificate for "webmail" and "mail" ( and others as "lists" and "autodiscover" ), without worrying about ( possible ) issues at renewing processes. :)

If you desire to discuss other things which are not part of the thread topic ( and its starting post ), pls. consider opening a new thread. ;)
 
Will it work after the expiration of the said certificate?

The issue is the challenge Let's Encrypt needs to write in order to verify whether that is a valid domain by DNS. I do not know how the revalidation works, but if it is with the same logic, won't it fail after two months upon revalidation?
 
Hi Rudi Servo,

the mentioned suggestion is STILL a work-around and shouldn't be seen as a replacement for future updates/upgrades/patches from Plesk for the Plesk Extension Let's Encrypt. The Plesk developers are still working to improve the extension, but some things take a bit longer than other ones. ;)



At the current moment, you have to repeat the steps:
  • Pls. DISABLE webmail - support for the specific domain
  • Pls. CREATE the subdomain "webmail" at YOUR-DOMAIN.COM
  • If you use an external nameserver from your domain registrar, make sure that you now set up an "A" - DNS - entry for "webmail.YOUR-DOMAIN.COM".

Then use the "renew" command ( as already created in your serverwide "Scheduled Tasks" ):
Code:
/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/letsencrypt/scripts/renew.php'

... and continue again with the previous steps:
  • Now, pls. DELETE the created "webmail" subdomain again over the Plesk Control Panel.
  • Pls. ENABLE the webmail - support for your specific domain again.

and finally:

;)
 
@UFHH01,

I have a question, because I have not tested it yet. Is the SSL certificate automatically renewed even if the webmail subdomain is not present?
 
I am going to try and test another way: instead of disabling the webmail subdomain, maybe just redirecting it to the local webmail? Don't know if it is even feasible but I will try.
 
@UFHH01,

Was thinking most of these steps can be handled via a PHP or bash script since we have access to the Plesk CLI. What are your thoughts?

Step 1) Disable the mailserver ( here we can grab the current value and store it in a variable or pass it to a temp text file )

Code:
# This gives us our current value for the domain.
plesk bin subscription_settings -i example.com | grep "Webmail:"
# Disable webmail for the subscription.
plesk bin subscription_settings -u example.com -webmail none

"-webmail horde|roundcube|none . Switches webmail on or off for a subscription." (reference commands)

Step 2) Create Webmail Subdomain
Code:
# Create the subdomain.
plesk bin subdomain --create webmail -domain example.com -hard_quota 1G -ssi true -php true -ssl true

... just examples.
 
Hi Daniel Willitzer,

the reason why I didn't provide any further suggestions on how to automate this process is still the fact that the Plesk developers are really working to solve all the issues/problems. If we provide "complete working solutions", the Plesk community/users get used to it and consider it as normal and that is what "work-arounds" never should be. Your suggestions will surely work, but as stated, I don't recommend automations for "work-arounds". ;)
 
✅ Agreed..
 
It isn't that much of a deal to develop that change, even for production.

Here is a suggestion:
you just have to change the webmail template to something like this

PHP:
Alias /.well-known/acme-challenge/ "/var/www/vhosts/<?php echo $VAR->domain->asciiName ?>/webmail.<?php echo $VAR->domain->asciiName ?>/.well-known/acme-challenge/"
        <Directory "/var/www/vhosts/<?php echo $VAR->domain->asciiName ?>/webmail.<?php echo $VAR->domain->asciiName ?>/.well-known/acme-challenge/">
            AllowOverride None
            Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
            Require method GET POST OPTIONS
        </Directory>

and make the necessary change in the Let's Encrypt add-on to actually write the challenge to another folder other than the one I suggested in the code...
As for security concerns, place it somewhere else, folder reads and writes and what not.
 