• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Let's Encrypt

Filipe Silva

Basic Pleskian
Good day,

I was able to secure a mail server with plesk onyx with let's encrypt, but that server only has one domain. The other server i have with plesk 12 have multiple domains, the question is, if I manage to install a SSL from let's encrypt the same SSL will work for all domains? I remember that I have to specify one domain.

Sorry if this question is in the wrong place, but it is kinda the same as plesk onyx but without GUI.

Thanks
 
Could you please specify what you mean with your question?
I dont understand the fact that you want to use one SSL-Certificate for all domains.


How SSL Certificates Work:
  • A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
  • The web server sends the browser/server a copy of its SSL certificate.
  • The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
  • The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
  • Encrypted data is shared between the browser/server and the web server.
1258x489_how-ssl-certificates-work.jpg
 
Im not talking about securing websites, but dovecot and postfix. I think i can only use one SSL for each.
I guess i need a multi-domain SSL certificate. Let's encrypt only works for one domain, right?
 
You can secure mail with one ssl this is right.

Go to:
tools & settings -> SSL/TLS -> Certificate for the protection of e-mails -> Add an Let's Encrypt Certificate.
Important is here, that you use as domainname the hostname of your server.

You have to use the hostname in your mail-client too, to use the certificate at the client.


If you have any further questions, let me know.
 
You can secure mail with one ssl this is right.

Go to:
tools & settings -> SSL/TLS -> Certificate for the protection of e-mails -> Add an Let's Encrypt Certificate.
Important is here, that you use as domainname the hostname of your server.

You have to use the hostname in your mail-client too, to use the certificate at the client.


If you have any further questions, let me know.

Thank you for the reply. I already saw that, but it means that i can only secure one domain, right?
 
The mail-service only has one domain, the hostname, the server as itself works as the mailserver. You can only secure one domain for the mails.

Others must use this domain in thier clients for inbox-server and outbox-server.
 
ok! So i can set up the dns to "pop3.domain1.pt" and "smtp.domain1.pt" for all of our domains with let's encrypt. Did I get it right?
Btw, will "yum install letsencrypt" conflict with the lets encrypt extension on plesk?
 
No.
For explanation:

Your server (hostname.example.com) works as the mailserver.
You secure in the hostname of your server with an let's encrypt certificate, because if you use another domain like "tld.example.com" or something else, you and your customers will get an warning Message that the certiciate doesent match with the hostname.

This will also hapen if you secure your hostname right with the certificate but enter in your mail client a domain other than the hostname as mail server.

For more information:
Securing Plesk and the Mail Server With SSL/TLS Certificates
 
I see you are using plesk 12.x, this is a little bit tricky but it works.

1. Login to plesk
2. Create your hostname as domain in plesk
3. Go to the domain -> SSL/TLS -> click on the certificatename (no you see the certficate parts)
1_plesk-domain-ansicht-ssl.png


4. Connect via bash to your server
5.Check if you use Postfix or Qmail
Code:
ps aux |grep postfix
ps aux |grep qmail
6.Edit the following files(vi or vim):
For Postfix:
Code:
 /etc/postfix/postfix_default.pem
For Qmail:
Code:
/var/qmail/control/servercert.pem
7.Delete the content in the file.
8.Paste the certificateparts in the following order:

Code:
-----BEGIN RSA PRIVATE KEY-----
..........
(Privater Key)
..........
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
..........
(Private SSL Certificate)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(CA-Certificate)
..........
-----END CERTIFICATE-----
9. Save and close the file
10.Check if you use dovecot or courier
Code:
ps aux |grep courier
ps aux |grep dovecot
11.
#dovecot
Code:
/etc/dovecot/private/ssl-cert-and-key.pem
#courier
Code:
/usr/share/imapd.pem
/usr/share/pop3d.pem
12.Replace the content with the content you have paste in step 8
Code:
rm /usr/share/imapd.pem
rm /usr/share/pop3d.pem
Code:
cp /etc/postfix/postfix_default.pem /usr/share/imapd.pem
cp /etc/postfix/postfix_default.pem /usr/share/pop3d.pem

For example, depending on what is used on the system.
12. Restart Plesk
Code:
service psa stop all
service psa start
13. Check the mailserver:
https://de.ssl-tools.net/mailservers
 
Last edited:
Good morning.

The thing is that I have multiple domains... that solution changes the default SSL by editing " /etc/postfix/postfix_default.pem" but that i guess will work only for one domain. I'm thinking that I need a multi-domain SSL, or am I wrong?
Besides, if I use your solution with let's encrypt it wont automaticly renew the certificate montly...

Thanks for your help.
 
No, you dont need a multiple domain SSL, because your hostname is uniqe.

Thats the point why you use in your mail-client your hostname as inbox-server and outbox-server -> the ssl matches with the hostname that is the important point with ssl, that it works.

Yes that is disadvantage.
I recommend upgrading to Plesk Onyx, where you can easily embed Let's Encrypt through the Mail Services panel. Which automatically renewed every 3 months. If you need help with the upgrade, I am at your disposal, gladly via PM.
 
No, you dont need a multiple domain SSL, because your hostname is uniqe.

Thats the point why you use in your mail-client your hostname as inbox-server and outbox-server -> the ssl matches with the hostname that is the important point with ssl, that it works.

Yes that is disadvantage.
I recommend upgrading to Plesk Onyx, where you can easily embed Let's Encrypt through the Mail Services panel. Which automatically renewed every 3 months. If you need help with the upgrade, I am at your disposal, gladly via PM.

Sorry for the late reply.

I think i'll install let's encrypt via GUI with "yum install letsencrypt". Haven't updated to onyx because we might change the server and we can't afford anything wrong to happen to it.
When creating a letsencrypt SSL it asks for a domain, what is it for?
 
Install let's encrypt with the plesk-installer:
Code:
plesk installer

Where did it ask you, for a domain?
 
Install let's encrypt with the plesk-installer:
Code:
plesk installer

Where did it ask you, for a domain?

Does that command install the addon? The addon is not useful to secure the mail server since i dont have plesk onyx and I've already secured the websites.

In the moment when you generate an SSL by gui or without GUI it requires a domain. I guess it is the only domain that will work with the letsencrypt SSL...
 
Back
Top