Issue Mail certificate is getting overruled

[Marc Pol]

Hi

We are using letscenrypt to manage mail certificates towards our customers. This is a multilevel domain certificate, that is issued at Tools & Settings → SSL/TLS Certificates → Certificate for securing mail. We are creating this certificate in the commandline interface in the webroot like this:

"/usr/local/psa/var/modules/letsencrypt/venv/bin/letsencrypt" certonly --webroot --email "[email protected]" --webroot-path "/var/www/vhosts/default/htdocs/" -d example.com -d mail.example2.com, etc, etc

We don’t want to use this construction anymore, because you dont want to use multilevel domain names certificates and you can create individual certificates now in obsidian, for a while.

So the issue:

When I try to create a individual letsencrypt certificate in the customer’s subscription, and use it for mail only, the certificates configured at Tools & Settings → SSL/TLS Certificates → Certificate for securing mail is overruling the certificate that I just created.

When I create a certificate for:


* Secure the wildcard domain (including www and webmail)
* Include a "www" subdomain for the domain and each selected alias
* Secure webmail on this domain
* Assign the certificate to mail domain

The certificate is not overruled by: Tools & Settings → SSL/TLS Certificates → Certificate for securing mail.

This must be a bug, right? I need the possibility to create a mail only certificate without the need of a multilevel domain certificate.


How are you guys doing this?

PLESK version:

Plesk Obsidian
Version 18.0.27
CentOS Linux 8.1.1911 (Core)

 

[Marc Pol]

Can this topic be bumped up?

 

[Marc Pol]

Any thoughts, anyone?

 

[vaelu]

Hello @Marc Pol

We are handling this issue in the way that we use mail.example.com as mailserver for all customers. That means also [email protected] and [email protected] etc. are using mail.example.com as mailserver.

This has multiple advantages, one of them is that you can use one certificate which includes the domain name of the mailserver for all domains (configured in Tools & Settings → SSL/TLS Certificates → Certificate for securing mail).

I hope this helps.

 

[Dave W]

Hi Marc,

Probably best to ping support with that one.

You are saying when you create an SSL for mail only on a domain that the default mail SSL is presented for that domain?

DaveW

 

[Marc Pol]

Hello @Marc Pol

We are handling this issue in the way that we use mail.example.com as mailserver for all customers. That means also [email protected] and [email protected] etc. are using mail.example.com as mailserver.

This has multiple advantages, one of them is that you can use one certificate which includes the domain name of the mailserver for all domains (configured in Tools & Settings → SSL/TLS Certificates → Certificate for securing mail).

I hope this helps.

Thanks webdiz for your reaction. We also do this at the moment. But plesk 18 also delivers a solution to configure single certificates for the mail per domain, without the use of a multi level domain certificate. But the problem is that plesk is also overruling the single certificates per domain with the multilevel domain certificate. It should be apart, if you understand what i mean.

 

[Marc Pol]

Hi Marc,

Probably best to ping support with that one.

You are saying when you create an SSL for mail only on a domain that the default mail SSL is presented for that domain?

DaveW

Hi Dave,

"You are saying when you create an SSL for mail only on a domain that the default mail SSL is presented for that domain?" That is correct. But i will contact support about this one indeed.