• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Let's encrypt webmail keeps using old certificate

M

m20230711

New Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
Plesk Obsidian 18.0.53 Update #2
My domain has a valid SSL certificate from Let's Encrypt. I have used the wildcard specification to generate a certificate. However no matter what I try I the webmail does show as protected in Plesk, but the server is not providing the certificate when I access webmail.domain.com

  • Issued wildcard certificate through Let's Encrypt
  • Website is using newly issued certificate
  • Manually restarted (through GUI) Dovecot, Postfix, Apache
  • Executed through SSH:
    • plesk sbin httpdmng
    • plesk sbin websrvmng --restart
    • plesk sbin nginx_control --restart
    • plesk repair web for domain
      • Error messages: 0; Warnings: 0; Errors resolved: 0
    • systemctl restart sw-cp-server.service
    • echo 'Q' | openssl s_client -connect localhost:465 -servername example.com -showcerts 2>&1 | grep -Eo 'CN=[^/]+' | uniq
      • Displays the correct certificate
  • PSA database shows single certificate for the domain
  • Webmail settings points to the correct certificate
So far I have not been able to have the webmail serve the correct certificate.
 
Is the correct SSL certificate selected from the "SSL/TLS certificate for webmail" drop down on the "Mail Settings" tab of the domain?

1689110352936.png
 
Is the webmail subdomain addressing the right server or is it maybe routed to another server?
 
Webmail resolves to a different IP than where Plesk manages the site. Though that did not prefent Plesk from configuring the webmail previously.
 
A domain validated SSL certificate must be issued on the server where the domain is operated.
Maybe previously you had added the certificate manually to the other server or you confirmed a security exeception rule in your browser. It is not possible that it worked there automatically.

I'll mark this thread as solved, because it is clear that the issue is caused by a missing certificate on the target server.
 
You must log in or register to reply here.

Similar threads

jradzuweit
Resolved How to update Let'S Encrypt certificate with SSL It!
Replies
4
Views
306
jradzuweit
jradzuweit
M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
273
mendip_discovery
M
micneon
Issue Problems to del certificate with cli
Replies
0
Views
136
micneon
micneon
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
599
defcon8
defcon8
D
Question Renewing Let's encrypt automatically
Replies
3
Views
494
Kaspar
K
Back
Top