Forwarded to devs MailEnable and certificate for mail

[Frank.P]

User name: Javier P.

TITLE

MailEnable and certificate for mail

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Windows Server 2016 , Plesk Obsidian 18.0.26, MailEnable Enterprice 10.30

PROBLEM DESCRIPTION

http://mydomains:8880/smb/mail-settings/edit/id/35/domainId/35

Into mail seting:

I can set the certificate Let Encrypt for webmail withour problem, but not for SSL/TLS service. Plesk save, but not apply to MailEnable

STEPS TO REPRODUCE

Set any LetEncript in SSL/TLS mail service , then go to RPD to MailEnable software

Server > Localhost > IP Biding > Domains

The certificate is not set and show [default certificate]

If I select in ME one of the list , then go to Plesk and try again the steps ... Plesk change to [default certificate]

ACTUAL RESULT

Plesk save setting , but not apply. Not create a certificate into MailEnable in Windows Cert Store LocalMachine

EXPECTED RESULT

Plesk import LetEncrypt cert to LocalMachine

Something like:
Import-Certificate -FilePath "C:\Users\Xyz\Cert.Cer" -CertStoreLocation Cert:\LocalMachine\Root

OR

openssl pkcs12 -export -in mycert.cer -inkey privateKey.key -out mycert.pfx -certfile mycert.cer



ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[IgorG]

Please enable filter.priority = 7 in panel.ini, assign certificate for domain Mail service in Plesk and show php_error.log entries.

 

[Frank.P]

[2020-05-12 15:38:34] DEBUG [util_exec] [7c711839fc0b3d0ff8783a3568d8ae19-0] Starting: mailmng --install-domain-certificate --domain-name=mydomain.com --cert-file=C:\Program Files (x86)\Plesk\/var/certificates/scfE15F.tmp
[2020-05-12 15:38:35] DEBUG [util_exec] [7c711839fc0b3d0ff8783a3568d8ae19-0] Finished in 0.43631s, Error code: 0
[2020-05-12 15:38:35] DEBUG [util_exec] [e4b89a1dff7d16015e26527d9e7b20c6-0] Starting: mailmng --set-discard --domain-name=mydomain.com
[2020-05-12 15:38:35] DEBUG [util_exec] [e4b89a1dff7d16015e26527d9e7b20c6-0] Finished in 0.18144s, Error code: 0
[2020-05-12 15:38:35] DEBUG [util_exec] [099db6231604fc562da82a002e78af3f-0] Starting: certmng --install-web-certificate --name=Lets Encrypt mydomain.com --certificate-path=C:\Program Files (x86)\Plesk\var\certificates\scfE15F.tmp --ca-certificate-path=C:\Program Files (x86)\Plesk\var\certificates\scfE392.tmp
[2020-05-12 15:38:35] DEBUG [util_exec] [099db6231604fc562da82a002e78af3f-0] Finished in 0.11761s, Error code: 0
[2020-05-12 15:38:35] DEBUG [panel] Update webmail link for mydomain.com, webmail site configuration XML:
<configuration><type name="mewebmail"><update host="mydomain.com" sslCertHash="6e1e21ead8bc0a50971c397cfa1b28333a6e032f"/></type></configuration>
[2020-05-12 15:38:35] DEBUG [util_exec] [856ab9c86f9ded66f1082309007ee062-0] Starting: websrvmng --update-webmail-links --config=C:/Program Files (x86)/Plesk/PrivateTemp/iuw6ee1873c.tmp
[2020-05-12 15:38:36] DEBUG [util_exec] [856ab9c86f9ded66f1082309007ee062-0] Finished in 0.82409s, Error code: 0
[2020-05-12 15:38:36] INFO [panel.ui] La configuración de correo para mydomain.com se ha actualizado correctamente.
[2020-05-12 15:38:39] ERR [panel] RuntimeException: Unable to write to stream: fwrite(): send of 4 bytes failed with errno=10054 Se ha forzado la interrupción de una conexión existente por el host remoto.

file: C:\Program Files (x86)\Plesk\admin\plib\vendor\react\stream\src\WritableResourceStream.php
line: 143
code: 0
trace: #0 C:\Program Files (x86)\Plesk\admin\plib\vendor\react\event-loop\src\StreamSelectLoop.php(252): React\Stream\WritableResourceStream->handleWrite(resource)
#1 C:\Program Files (x86)\Plesk\admin\plib\vendor\react\event-loop\src\StreamSelectLoop.php(211): React\EventLoop\StreamSelectLoop->waitForStreamActivity(integer '1735214')
#2 C:\Program Files (x86)\Plesk\admin\plib\WebSocket\bin\ws-server.php(27): React\EventLoop\StreamSelectLoop->run()
--
#0 C:\Program Files (x86)\Plesk\admin\plib\vendor\react\event-loop\src\StreamSelectLoop.php(252): React\Stream\WritableResourceStream->handleWrite(resource)
#1 C:\Program Files (x86)\Plesk\admin\plib\vendor\react\event-loop\src\StreamSelectLoop.php(211): React\EventLoop\StreamSelectLoop->waitForStreamActivity(integer '1735214')
#2 C:\Program Files (x86)\Plesk\admin\plib\WebSocket\bin\ws-server.php(27): React\EventLoop\StreamSelectLoop->run()

 

[IgorG]

From developer:

Certificate will be installed to the Windows Certificate Store after the command execution:

[2020-05-12 15:38:34] DEBUG [util_exec] [7c711839fc0b3d0ff8783a3568d8ae19-0] Starting: mailmng --install-domain-certificate --domain-name=mydomain.com --cert-file=C:\Program Files (x86)\Plesk\/var/certificates/scfE15F.tmp

[2020-05-12 15:38:35] DEBUG [util_exec] [7c711839fc0b3d0ff8783a3568d8ae19-0] Finished in 0.43631s, Error code: 0

You can check it by commands:

PS C:\Users\Administrator> Set-Location Cert:\LocalMachine\My

PS Cert:\LocalMachine\My> Get-ChildItem | Format-Table Subject, Thumbprint -AutoSize

There is no additional configuration required.

 

[Frank.P]

PS RESPONSE :

Subject
-------
OU=AC RAIZ FNMT-RCM, O=FNMT-RCM
CN=mydomain.com
CN=127.0.0.1
CN=SERVER
CN=WMSvc-SHA2-SERVER172344


It is possible the reason of error is an other cert with same CN.

I delete the certificate with same CN, then go to Plesk and try again and now work.

This is the problem, Plesk not delete other certificate with same CN before import.

And I think .... when past 60 days and this certificate will be renew ... happend the same thing ???

 

[Frank.P]

Now work the import and in MailENable get the right certificate, but when I check it with //email/testTo: said wrong certificate and Fail.

TLS Negotiation failed, the certificate doesn't match the host

I think the problem is certificate MailEnable use default certificate and not the PostOffice set by Plesk

 

[Frank.P]

Yes, the problem is MailEnable ... I am talking with Support. The problem is ME use the first certificate of store with CN and not the selected by default of any postoffice