• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Let's encrypt webmail keeps using old certificate

m20230711

New Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
Plesk Obsidian 18.0.53 Update #2
My domain has a valid SSL certificate from Let's Encrypt. I have used the wildcard specification to generate a certificate. However no matter what I try I the webmail does show as protected in Plesk, but the server is not providing the certificate when I access webmail.domain.com

  • Issued wildcard certificate through Let's Encrypt
  • Website is using newly issued certificate
  • Manually restarted (through GUI) Dovecot, Postfix, Apache
  • Executed through SSH:
    • plesk sbin httpdmng
    • plesk sbin websrvmng --restart
    • plesk sbin nginx_control --restart
    • plesk repair web for domain
      • Error messages: 0; Warnings: 0; Errors resolved: 0
    • systemctl restart sw-cp-server.service
    • echo 'Q' | openssl s_client -connect localhost:465 -servername example.com -showcerts 2>&1 | grep -Eo 'CN=[^/]+' | uniq
      • Displays the correct certificate
  • PSA database shows single certificate for the domain
  • Webmail settings points to the correct certificate
So far I have not been able to have the webmail serve the correct certificate.
 
Is the correct SSL certificate selected from the "SSL/TLS certificate for webmail" drop down on the "Mail Settings" tab of the domain?

1689110352936.png
 
Is the webmail subdomain addressing the right server or is it maybe routed to another server?
 
Webmail resolves to a different IP than where Plesk manages the site. Though that did not prefent Plesk from configuring the webmail previously.
 
A domain validated SSL certificate must be issued on the server where the domain is operated.
Maybe previously you had added the certificate manually to the other server or you confirmed a security exeception rule in your browser. It is not possible that it worked there automatically.

I'll mark this thread as solved, because it is clear that the issue is caused by a missing certificate on the target server.
 
Back
Top