• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Mail certificate is getting overruled

Marc Pol

New Pleskian
Hi

We are using letscenrypt to manage mail certificates towards our customers. This is a multilevel domain certificate, that is issued at Tools & Settings → SSL/TLS Certificates → Certificate for securing mail. We are creating this certificate in the commandline interface in the webroot like this:

"/usr/local/psa/var/modules/letsencrypt/venv/bin/letsencrypt" certonly --webroot --email "[email protected]" --webroot-path "/var/www/vhosts/default/htdocs/" -d example.com -d mail.example2.com, etc, etc

We don’t want to use this construction anymore, because you dont want to use multilevel domain names certificates and you can create individual certificates now in obsidian, for a while.

So the issue:

When I try to create a individual letsencrypt certificate in the customer’s subscription, and use it for mail only, the certificates configured at Tools & Settings → SSL/TLS Certificates → Certificate for securing mail is overruling the certificate that I just created.

When I create a certificate for:


* Secure the wildcard domain (including www and webmail)
* Include a "www" subdomain for the domain and each selected alias
* Secure webmail on this domain
* Assign the certificate to mail domain

The certificate is not overruled by: Tools & Settings → SSL/TLS Certificates → Certificate for securing mail.

This must be a bug, right? I need the possibility to create a mail only certificate without the need of a multilevel domain certificate.


How are you guys doing this?

PLESK version:

Plesk Obsidian
Version 18.0.27
CentOS Linux 8.1.1911 (Core)
 
Last edited:
Hello @Marc Pol

We are handling this issue in the way that we use mail.example.com as mailserver for all customers. That means also [email protected] and [email protected] etc. are using mail.example.com as mailserver.

This has multiple advantages, one of them is that you can use one certificate which includes the domain name of the mailserver for all domains (configured in Tools & Settings → SSL/TLS Certificates → Certificate for securing mail).

I hope this helps.
 
Hi Marc,

Probably best to ping support with that one.

You are saying when you create an SSL for mail only on a domain that the default mail SSL is presented for that domain?

DaveW
 
Hello @Marc Pol

We are handling this issue in the way that we use mail.example.com as mailserver for all customers. That means also [email protected] and [email protected] etc. are using mail.example.com as mailserver.

This has multiple advantages, one of them is that you can use one certificate which includes the domain name of the mailserver for all domains (configured in Tools & Settings → SSL/TLS Certificates → Certificate for securing mail).

I hope this helps.
Thanks webdiz for your reaction. We also do this at the moment. But plesk 18 also delivers a solution to configure single certificates for the mail per domain, without the use of a multi level domain certificate. But the problem is that plesk is also overruling the single certificates per domain with the multilevel domain certificate. It should be apart, if you understand what i mean.
 
Hi Marc,

Probably best to ping support with that one.

You are saying when you create an SSL for mail only on a domain that the default mail SSL is presented for that domain?

DaveW
Hi Dave,

"You are saying when you create an SSL for mail only on a domain that the default mail SSL is presented for that domain?" That is correct. But i will contact support about this one indeed.
 
Back
Top