• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Forwarded to devs Mail certificate is no longer assigned after it gets renewed by Let's Encrypt

Hi Maarten,

ok so do we have to enable this option in SSL it extention separatly?

We habe a server constellation where we have 3 Domains in Plesk.
On exmple.com we do not have access. On this domain there are dns entrys for plesk server.
We have mail.example.com which is the plesk server. This we have 3 times for 3 Domains.
On this we have still the same issue like described above.

regards
 
@Maarten

attached i have 2 screenshots where you can see several TLDs and Subdomains. On the TLDs we do not have access to, they are hosted at another server. But at the DNS of the TLDs there are set DNS entrys for the Plesk server that is running at the subdomains. So each domain has its own lets encrypt certificate for mail.example.com and for webmail.

The problem is exactly the same like the first post:
- Lets encrypt automatically generate new certificate
- After that the field for e-mail certificate is empty
- We have to set the certificate manually


Bildschirmfoto 2026-04-14 um 14.18.27.png


After renewig lets encrypt certificate the "SSL/TLS-Zertifikat E-Mail" becomes empty:

Bildschirmfoto 2026-04-14 um 14.19.00.png
 
I haven’t used the newer approach for securing mail.domain.com yet, I’m still using the workaround with an extra subdomain.

If I remember correctly, there was a post from @Kaspar about this, but I’m not sure where to find it right now.

@Sebahat.hadzhi, do you know if this is documented somewhere in the official Plesk docs? It would be great to have a clear reference instead of relying on forum posts.
 
Maarten said:
I haven’t used the newer approach for securing mail.domain.com yet, I’m still using the workaround with an extra subdomain.
Click to expand...
Does this still work without issue's?

@bit, there should be no need to have separate subdomains to have the mail.<domain> host secured for mail use. This feature is available by default now in the SSL it! extension, as long as there are DNS records on the zone for the mail host pointing to the Plesk server.

Screenshot 2026-04-15 141546.png
 
@Maarten, the only documentation on this matter I am aware of is the following support article:
What @Kaspar is saying is true.

@bit I would still like to explore this further in order to determine if there could be a potential bug. I will need you to provide me with couple of details, please, because at this point I am unable to replicate the behavior when manually reissuing the SSL certificate.
1. Does the issue occur only when the SSL is automatically reissued?
2. Do you have mail.example.com configured as subdomains or aliases?
3. Do I correctly assume that the hosting type of example.com is "Website"?
4. Is the SSL for mail.example.com issued through the main domain's SSL, i.e. "Secure mail on this domain" or has the SSL been issue separately through the subdomain itself?

Thanks in advance.
 
Hi together,

@Kaspar :
separate subdomains are still needed because we dont have access to the main domain example.com. That server is not under our control. On the Domain example.com we can only let set DNS entrys thats all.
Because we need email boxes in the format [email protected] we create a domain example.com in Plesk.
The subdomain mail.example.com is needed to connect to the Plesk email server for the user.
This szenario works fine so far since years. We dont have any problems except the problem with renewing Lets encrypt certificate.

@Sebahat.hadzhi :
Manually reissuing ssl cert leads to the same issue. The field is empty after doing this and we have to set that cert from hands.
1.) No, fortunatly we can see that if we manually reissue lets encrypt cert
2.) Yes, mail.example.com is a subdomain of example.com in Plesk. We have 3 different domains pairs of that schema
3.) Yes, the hosting type of all domains is "Website"
4.) We create ssl cert on mail.example.com only for mail.example.com subdomain that clients can connect to. On example.com we have ssl cert create for webmail.example.com. For email we have choose here mail.example.com ssl cert.

So it works fine since years except renewing and set the new cert automatically. So i guess its a small bug in plesk.
 
You must log in or register to reply here.

Similar threads

AmaZili Communication
Error in let's encrypt certificate generation
Replies
3
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
A
Resolved SSL It! does not renew certificate for subdomains that are used as redirections.
Replies
1
Views
525
atndlr
A
Bitpalast
Forwarded to devs SSL auto-renewal attemps do not stop after removing cert and disabling SSL
Replies
6
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
L
Resolved Unable to protect Plesk Panel with SSL Certificate (cannot get HTTPS://)
Replies
5
Views
941
leejb123456
L
D
Question How to figure out where a certificate is used?
Replies
0
Views
285
D3nnis3n
D
Back
Top