
Mail Certificates: An interesting puzzle

Jay Versluis

Regular Pleskian
Hello all,

I was working on a Plesk 12.5 server running CentOS 6.7 yesterday. I’ve patched the mail certificates for Courier as outlined in the KB article (https://kb.odin.com/en/1062). This has worked flawlessly many times before on other systems, but not this time. Even though a TLS check confirms the certificates are correctly served by Plesk, every time I try to connect with an email client I get an interesting phenomenon:
  • when I connect with mail.domain.com, a self-signed certificate is returned. This shouldn’t happen, because I’ve overwritten them all.
  • however, when I connect with domain.com instead, my correctly patched certificate is returned
The certificate is for mail.domain.com, so I’d like mail.domain.com to return said certificate. I'm puzzled because I don't understand where the self-signed certificate comes from. How can Plesk return two different certificates?

mail.domain.com and domain.com resolve to the same IP of course, just thought I'd mention it.
 
Hello Jay,

I hope you don't have a subscription / domain mail.domain.com created on your server through Plesk, do you?
 
Hello abdi! Good call, there's no domain, subscription or subdomain mail.domain.com, but in my testing I have set one up to see if that makes a difference. It did not, I got the same behaviour and subsequently deleted it again.

I've also reset the DNS settings to their defaults, just in case they were not set correctly - but no change there either.
 
Even though a TLS check confirms the certificates are correctly served by Plesk, every time I try to connect with an email client I get an interesting phenomenon
Do you mean that checking the connection to mail.domain.com with http://www.checktls.com/perl/TestReceiver.pl returns correct certificate results?
Do you have the same behaviour with other mail clients?
Have you tried to use

# plesk repair mail

for fixing this issue?
 
Hi Igor, indeed - that's the very TLS test I'm using, and it returns the correct certificate. All tests pass with flying colours.

I've tried "plesk repair mail", thanks for the tip! It didn't find any trouble. The problem persists.
 
I would suggest you contact the Plesk Support Team for a deep investigation of this strange issue directly on your server.
 
I have an identical problem on an identical set-up (Plesk12.5 CentOS6.7). Mail clients cannot connect on ssl ports 993 or 995. Plesk repair mail doesn't change anything, TLS Receiver test says all OK except for "self-signed certificate" (it's the Plesk Parallels default certificate). SSL works fine with SMTP. I have had this issue on two servers since upgrade to 12.5.
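
To pin down which names and ports serve which certificate, as discussed in the posts above, the following added example (not code from any poster or from Plesk) fetches the leaf certificate from each name on the implicit-TLS ports 993 and 995 and groups the endpoints by SHA-256 fingerprint. It assumes the thread's placeholder names mail.domain.com and domain.com, treats issuer equal to subject as a heuristic for "self-signed" without verifying the signature, and does not cover STARTTLS ports such as SMTP on 25.

```python
import hashlib, socket, ssl

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length: next n bytes hold it
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + first

def issuer_and_subject(der):
    """Return the raw DER Name elements (issuer, subject) of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)         # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    fields = []                            # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        _, _, end = read_tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def fetch_der(host, port, timeout=5.0):
    """Fetch the leaf certificate from an implicit-TLS port, sending host as SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False             # diagnostic only: accept any certificate
    ctx.verify_mode = ssl.CERT_NONE        # so a self-signed one can be inspected
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def compare(certs):
    """Group {(name, port): der} by (sha256 fingerprint, issuer == subject)."""
    groups = {}
    for endpoint, der in sorted(certs.items()):
        issuer, subject = issuer_and_subject(der)
        key = (hashlib.sha256(der).hexdigest(), issuer == subject)
        groups.setdefault(key, []).append(endpoint)
    return groups

if __name__ == "__main__":
    # Placeholder names from the thread; 993/995 are the ports reported as failing.
    certs = {(n, p): fetch_der(n, p)
             for n in ("mail.domain.com", "domain.com") for p in (993, 995)}
    for (fp, self_issued), endpoints in compare(certs).items():
        print(fp[:16], "issuer == subject" if self_issued else "issuer != subject", endpoints)
```

More than one group in the output means the server is presenting different certificates depending on the name or port used, which is the symptom reported here.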
 