• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue Mail Server Certificate Conflict Despite Correct Assignment (SNI Error)

S

savo

New Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.71 Update #2
Hello,

I have a critical issue with SSL certificate assignment on my Plesk mail server. The server is presenting the wrong certificate for incoming email connections, which makes automatic configuration and client connections impossible. I am confident that this is an SNI error where the server-wide default certificate is overriding domain-level assignments.

Infrastructure:

  • Web Hosting: CloudPanel server
  • Email Services: Plesk server
  • Mail Gateway: Proxmox Mail Gateway (PMG)
  • DNS: IONOS
  • Plesk Plugin: Plesk Premium Email is installed.
Error Details:

  • Domain 1 (DOMAIN1.com): The email account works correctly. Browser access to https://mail.domain1.com shows the correct certificate.
  • Domain 2 (DOMAIN2.com): When trying to configure an email account, clients receive the error "Certificate name mismatch" or "Unable to connect to IMAP server". Browser access to https://mail.domain2.com incorrectly shows the certificate for DOMAIN1.com.
Steps Taken:

  • I have separate Sectigo wildcard certificates for both domains, which have been imported into Plesk and assigned to the respective domains in Websites & Domains > [Domain] > Mail Settings. This has not fixed the error.
  • All necessary ports (993, 465) are open and reachable in the Plesk firewall.
  • Attempts to create a combined multi-domain certificate failed because the main domain A-records (DOMAIN1.com and DOMAIN2.com) point to the CloudPanel server, blocking Plesk's validation.
  • Important: I used an SSL diagnostics tool that reported a "Certificate name mismatch" for mail.DOMAIN2.com and showed the DOMAIN1.com certificate.
Please assist me in correctly assigning the certificate on the mail server for these domains.

I have attached some print screen from the SSL configuration pages on PLESK.

Thank you very much for yiour support in advance.

Cheers!
 

Attachments

  • Serverweites_Zertifikat_fuer_Plesk-1.jpg
    Serverweites_Zertifikat_fuer_Plesk-1.jpg
    202 KB · Views: 3
  • Serverweites_Zertifikat_fuer_Plesk-2.jpg
    Serverweites_Zertifikat_fuer_Plesk-2.jpg
    139.5 KB · Views: 3
  • tv-eberbach-de_Zertifikatsseite.jpg
    tv-eberbach-de_Zertifikatsseite.jpg
    162.3 KB · Views: 3
  • savo-lee-com_Zertifikatsseite.jpg
    savo-lee-com_Zertifikatsseite.jpg
    164.9 KB · Views: 3
  • 2025-08-19_09-57-05.jpg
    2025-08-19_09-57-05.jpg
    224 KB · Views: 3
  • 2025-08-19_09-57-56.jpg
    2025-08-19_09-57-56.jpg
    226.9 KB · Views: 3
From what I can see, you texting the web port for the SSL on mail. That won't give you correct results.
Checking the mail port on the IP and domain you provided in screenshots seems that the SSL is correctly provided:

Code: 
$ echo "QUIT" | openssl s_client -connect <redacted>:465 -servername mail.<redacted>.com 2>&1 |grep subject
subject=CN = *.<redacted>.com
$ echo "01 LOGOUT" | openssl s_client -connect <redacted>:993 -servername mail.<redacted>.com 2>&1 |grep subject
subject=CN = *.<redacted>.com

So if you're using the correct ports, it should work on a mail client with the current setup.
 
You must log in or register to reply here.

Similar threads

K
Resolved How to control smtp.mailfrom in mails sent from Plesk?
Replies
3
Views
816
Kroptokin
K
K
Question Plesk VPS not return correct SSLCheck result
Replies
1
Views
81
scsa20
scsa20
EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
2K
EnriqueR
EnriqueR
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
2K
Polli
Polli
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
3K
HungLuu
H
Back
Top