
Mail Certificates: An interesting puzzle

Jay Versluis

Hello all,

I was working on a Plesk 12.5 server running CentOS 6.7 yesterday. I’ve patched the mail certificates for Courier as outlined in the KB article (https://kb.odin.com/en/1062). This has worked flawlessly many times before on other systems, but not this time. Even though a TLS check confirms the certificates are correctly served by Plesk, every time I try to connect with an email client I get an interesting phenomenon:
  • when I connect with mail.domain.com, a self-signed certificate is returned. This shouldn’t happen, because I’ve overwritten them all.
  • however, when I connect with domain.com instead, my correctly patched certificate is returned
The certificate is for mail.domain.com, so I’d like mail.domain.com to return said certificate. I'm puzzled because I don't understand where the self-signed certificate comes from. How can Plesk return two different certificates?

mail.domain.com and domain.com resolve to the same IP of course, just thought I'd mention it.
 
Hello Jay,

I hope you don't have a subscription / domain mail.domain.com created on your server through Plesk, do you?
 
Hello abdi! Good call, there's no domain, subscription or subdomain mail.domain.com, but in my testing I have set one up to see if that makes a difference. It did not, I got the same behaviour and subsequently deleted it again.

I've also reset the DNS settings to their defaults, just in case they were not set correctly - but no change there either.
 
Even though a TLS check confirms the certificates are correctly served by Plesk, every time I try to connect with an email client I get an interesting phenomenon
Do you mean that checking the connection to mail.domain.com with http://www.checktls.com/perl/TestReceiver.pl returns correct certificate results?
Do you have the same behaviour with other mail clients?
Have you tried to use

# plesk repair mail

for fixing this issue?
 
Hi Igor, indeed - that's the very TLS test I'm using, and it returns the correct certificate. All tests pass with flying colours.

I've tried "plesk repair mail", thanks for the tip! It didn't find any trouble. The problem persists.
 
I would suggest you contact the Plesk Support Team for a deep investigation of this strange issue directly on your server.
 
I have an identical problem on an identical set-up (Plesk12.5 CentOS6.7). Mail clients cannot connect on ssl ports 993 or 995. Plesk repair mail doesn't change anything, TLS Receiver test says all OK except for "self-signed certificate" (it's the Plesk Parallels default certificate). SSL works fine with SMTP. I have had this issue on two servers since upgrade to 12.5.
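
An added example, not code from any poster or from Plesk: a small Python check that connects to each name on the IMAPS/POP3S ports the way a mail client does (sending the name as the TLS server name), fingerprints the certificate served, and reports whether all name/port pairs get the same one. The `SAMPLE` rows are constructed to mirror the symptoms described in the thread; the function names are this example's own.

```python
import hashlib
import socket
import ssl
import sys
from collections import defaultdict

def probe(name, port, timeout=10):
    """Connect to name:port (implicit TLS, e.g. 993/995) sending name as SNI.
    Returns (sha256 of the served leaf certificate, verification error or None)."""
    def handshake(ctx):
        with socket.create_connection((name, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return tls.getpeercert(binary_form=True)
    try:
        return hashlib.sha256(handshake(ssl.create_default_context())).hexdigest(), None
    except ssl.SSLCertVerificationError as exc:
        # Validation failed: note why, then reconnect without validation
        # only to read which certificate the server handed out.
        lax = ssl.create_default_context()
        lax.check_hostname = False
        lax.verify_mode = ssl.CERT_NONE
        return hashlib.sha256(handshake(lax)).hexdigest(), exc.verify_message

def summarize(rows):
    """Group (name, port, fingerprint, error) rows by certificate and error."""
    groups = defaultdict(list)
    for name, port, fingerprint, error in rows:
        groups[(fingerprint, error)].append((name, port))
    return dict(groups)

def consistent(rows):
    """True when every probed name/port pair got the same certificate."""
    return len({fingerprint for _, _, fingerprint, _ in rows}) == 1

# Constructed rows mirroring the thread: the mail. name gets a self-signed
# certificate, the bare domain gets the installed one (issued for mail.domain.com).
MISMATCH = "Hostname mismatch, certificate is not valid for 'domain.com'."
SAMPLE = [
    ("mail.domain.com", 993, "aa" * 32, "self-signed certificate"),
    ("mail.domain.com", 995, "aa" * 32, "self-signed certificate"),
    ("domain.com", 993, "bb" * 32, MISMATCH),
    ("domain.com", 995, "bb" * 32, MISMATCH),
]

if __name__ == "__main__":
    # With no arguments the constructed SAMPLE is summarized instead of live probes.
    rows = [(n, p, *probe(n, p)) for n in sys.argv[1:] for p in (993, 995)] or SAMPLE
    for (fingerprint, error), seen in summarize(rows).items():
        print(fingerprint[:16], error or "valid", seen)
    print("same certificate everywhere:", consistent(rows))
```

Run it with the hostnames as arguments, for example `mail.domain.com domain.com`. It covers implicit-TLS ports only, so SMTP with STARTTLS on 25/587 needs a separate check.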
 