
Let’s Encrypt WebMail

Hayk

New Pleskian
Hello, how can I secure webmail.domain.ltd using Let’s Encrypt on Plesk/Ubuntu?
 
Hi Hayk,

Even though Plesk Onyx has not been officially released yet, you can upgrade to the preview version with the help of your Plesk autoinstaller. Just use the command:

/usr/local/psa/admin/sbin/autoinstaller --all-versions

... and follow the descriptions and instructions to choose the current Plesk Onyx version "17.0.14". Please be aware that Plesk Onyx has no support at the moment, until the first official release (announced for "early in the fourth quarter of this year"). A related thread can be found here: => Plesk Onyx Preview and FeedBack (Plesk forum thread)
 
Hi Hayk,

Now how can I make SSL webmail with Onyx?

Quoted from : "https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/5946390-add-management-of-webmail-ssl-certificates" :

How to try this feature:

Go to any website, click SSL/TLS Certificates, select a certificate in the list and click “Secure Webmail”.

We are also planning to update our Let’s Encrypt extension, adding the ability to request and apply certificates for webmail. The extension update is tentatively scheduled to be released later this year.

We would appreciate hearing your feedback on implementation of this functionality. Thanks in advance!

The feature is available via "Mail Settings" as well as via "SSL/TLS Certificates" at each domain, when a webmail software is installed and activated for the domain.
To create a Let's Encrypt certificate for a subdomain "mail.YOUR-DOMAIN.COM", just create the corresponding subdomain and use the Let's Encrypt extension to create a certificate for it. You can also download the created certificate if you would like to upload it manually via "SSL/TLS Certificates", and you can delete the previously created subdomain afterwards.


Additional Screenshots:

=> Mail - Settings: Plesk_Onyx_Mail-Settings_Webmail-Certificate_001.png


=> SSL/TLS Certificates: Plesk_Onyx_SSL-TLS_Certificates_Webmail-Certificate_002.png
 
Sadly this isn't possible with the standard webmail.domain.tld because Let's Encrypt can't access the authorization file because of Horde / Roundcube blocking normal webspace.
How can I create a Let's Encrypt certificate for the webmail subdomain?
 
There seems to be no solution for this, also not with Plesk Onyx (I use Plesk Onyx at the moment).
Don't understand why this is marked solved??
There is a possibility to select which certificate applies for the webmail, but at the same time there is no possibility to apply for a certificate for webmail.domain.tld.

What use does it have when I can link the certificate for domain.tld, www.domain.tld (as you can have this included as an alternative domain by default in Plesk) or any subdomain I create except webmail.domain.tld, when at the same time the webmail only works on webmail.domain.tld?
There is a flow-error.
Why is there no possibility to activate a checkbox like "Include webmail.domain.tld as an alternative domain name.", just like with www?
Or the possibility to override the challenge path for a webmail.domain.tld you might create within Plesk, e.g.:

location ^~ /.well-known {
    alias /var/www/vhosts/webmail.domain.tld/.well-known;
}

Seems like the webmail software is hijacking the request prior to this.
 
Sadly this isn't possible with the standard webmail.domain.tld because Let's Encrypt can't access the authorization file because of Horde / Roundcube blocking normal webspace.
How can I create a Let's Encrypt certificate for the webmail subdomain?
The workaround solution is :
Select option webmail "None"
Create subdomain webmail
Create Let's Encrypt certificate
Delete subdomain
Select webmail software
Select webmail certificate
Et voilà
Only thing is that creating and selecting a certificate doesn't automagically block HTTP access of webmail, and it removes the webmail records in DNS.

To redirect HTTP to HTTPS I copied /usr/local/psa/admin/conf/templates/default/webmail/webmail.php to /usr/local/psa/admin/conf/templates/custom/webmail/webmail.php and removed the HTTP part in /usr/local/psa/admin/conf/templates/custom/webmail/webmail.php
 
@Rayzor doesn't deleting the subdomain break the auto-renewal process of LE? Or is the certificate still being auto-renewed, although the subdomain it was created for no longer exists...
 
@Rayzor doesn't deleting the subdomain break the auto-renewal process of LE? Or is the certificate still being auto-renewed, although the subdomain it was created for no longer exists...
Of course the automated renewal is broken this way. But this "solution" is only meant as a temporary workaround. I am led to believe that they are working on a solution.
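
Since the workaround above leaves the certificate outside Let's Encrypt auto-renewal, a periodic check of what the webmail host serves catches a mismatched or soon-to-expire certificate. This is an added example, not part of any post in this thread; the function names, return codes and the 30-day default are assumptions, and it relies only on the stock openssl CLI.

```shell
#!/bin/sh
# Added example: verify the certificate selected for webmail after the
# manual workaround. Names, return codes and thresholds are illustrative.

# check_webmail_cert PEM_FILE HOSTNAME [MIN_DAYS]
#   0 = covers HOSTNAME and is valid for more than MIN_DAYS
#   1 = certificate does not cover HOSTNAME
#   2 = certificate expires within MIN_DAYS
#   3 = file is missing or not a parsable certificate
check_webmail_cert() {
    pem=$1
    host=$2
    min_days=${3:-30}

    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 3

    # -checkhost reports the result as text ("does match" / "does NOT match"),
    # so test the message rather than the exit status.
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null \
            | grep -q 'does match'; then
        return 1
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 2

    return 0
}

# fetch_served_cert HOSTNAME OUT_PEM
#   Saves the leaf certificate the server presents on port 443 (needs network).
fetch_served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$2"
}

# Typical use from cron, with the hostname used in this thread:
#   fetch_served_cert webmail.domain.tld /tmp/webmail.pem &&
#       check_webmail_cert /tmp/webmail.pem webmail.domain.tld 30 ||
#       echo "webmail certificate needs attention"
```

A return code of 1 usually means the domain's own certificate was selected for webmail without webmail.domain.tld among its names; 2 means the manual re-issue is due.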
 
This topic is far from being resolved in my opinion and the suggested workaround does not work, because the certificate seems to be gone after the subdomain has been removed.

Needless to say that doing this workaround every 90 days (due to Let's Encrypt's policy about the validity of their certificates) is not what you expect from a web interface made to make things easier and save time.
 
According to other threads on similar topics, official, automated Let's Encrypt support for webmail subdomains is expected by Q2 2017.
 
This topic is far from being resolved in my opinion and the suggested workaround does not work, because the certificate seems to be gone after the subdomain has been removed.

Needless to say that doing this workaround every 90 days (due to Let's Encrypt's policy about the validity of their certificates) is not what you expect from a web interface made to make things easier and save time.

Like you said: In your opinion. It works, it's a workaround meant for those who don't want to wait and don't mind the extra work if a solution is not delivered as expected in Q2 of 2017. And last but not least, what's your real contribution to this topic other than complaining?
 
Like you said: In your opinion. It works, it's a workaround meant for those who don't want to wait and don't mind the extra work if a solution is not delivered as expected in Q2 of 2017. And last but not least, what's your real contribution to this topic other than complaining?

My contribution is to keep that topic in mind since it was marked resolved, which it isn't. It's not my opinion that the suggested workaround does not work - it's a fact.
 
My contribution is to keep that topic in mind since it was marked resolved, which it isn't. It's not my opinion that the suggested workaround does not work - it's a fact.
Have you tried it? Why wouldn't it work? Merely stating that it's a fact doesn't make it so. I have it implemented on a couple of domains so I know it works. At least for me. ;-)
 
Have you tried it? Why wouldn't it work? Merely stating that it's a fact doesn't make it so. I have it implemented on a couple of domains so I know it works. At least for me. ;-)

Jup, tried it with Plesk Version 17.0.17 Update #13 with the Let's Encrypt Extension Version 1.9 Release 3 on CentOS 7. :^)
 
Hi,
So, now it's possible to secure Horde webmail?
How have you achieved this, maltris?

I'm using Plesk Onyx
Vito
 