Issue New certificate not being used for mail server

[DenizGelion]

Server operating system version

Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0 x86_64)

Plesk version and microupdate number

Version 18.0.43 Update #1

Hi there,

we have currently a big problem: We've replaced our SSL certificate two weeks in advance so we DON'T get into exactly THIS kind of trouble, yet here we are:


We added a new, valid certificate in Tools & Settingis > SSL / TLS Certificates, yet it doesn't seem to be used at all. All apps still show the old certificate, which is outdated since yesterday. It worked flawlessly to secure plesk and other domains, just the email server is still running the old one somehow.

A quick check with openssl s_client -showcerts -connect mail.SERVER.de:993 -servername mail.SERVER.de reveals that indeed, yes, it's still using the old one.

Why?

I've already followed the instructions from

https://support.plesk.com/hc/en-us/articles/115002620545-An-assigned-SSL-certificate-is-not-used-by-the-website

and

How to verify that SSL for IMAP/POP3/SMTP works and a proper SSL certificate is in use

Applicable to: Plesk for Linux Question How to verify that SSL for IMAP/POP3/SMTP works and a proper certificate is installed? Answer Using online checkers Check SSL using online tools: SSL C...

support.plesk.com

yet no change, nothing works. Tried restarting the server a couple times, nothing has changed. We're using Plesk Version 18.0.43 Update #1 on Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0 x86_64) currently.

This is very urgent, any kind of reply is very much appreciated. Thanks.

 

[DenizGelion]

I've already doublechecked the content of the dovecot files in /etc/dovecot/private and they're correct.

 

[IgorG]

This is very urgent,

BTW, in urgent cases, I'd suggest you contact Plesk Support Team.
This is just a community where one can help another. Or can't. No one owes anyone anything.

 

[DenizGelion]

BTW, in urgent cases, I'd suggest you contact Plesk Support Team.
This is just a community where one can help another. Or can't. No one owes anyone anything.

Obviously, but the community is usually faster, that's why I'm also trying it here

My reply hasn't been sent apparently, I wrote this yesterday (or so I thought):



Update: I've searched for a part of the old SSL certificate with

grep -rnw '/opt/psa/var/certificates' -e 'PARTOFTHEOLDCERTIFICATE'

and look who's there- a weird file called "scf1Hm" has still the old certificate in it. I've replaced the content of that file with the correct new certificate and it works. At least for now, from what I can tell.

I would still be interested why this file exists, who is using it and why?

 

[DenizGelion]

One year later we have the same exact issue yet again, but this time I cannot fix it because I can't find a file containing the old (or new for that matter) certificate. Any ideas?

 

[Peter Debik]

Please contact Plesk support staff, because the issue should not exist in the first place. Probably it was never truly resolved. The root cause needs to be found, and that can only be done on your server by a support engineer. Else we may be lucky to fix something, but not for good. When contacting support, please mention the link to this thread: https://talk.plesk.com/threads/new-certificate-not-being-used-for-mail-server.365056/

To sign-in to support please go to https://support.plesk.com

If you experience login issues, please see this KB article:
https://support.plesk.com/hc/en-us/...rt-plesk-com-and-password-reset-does-not-work

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-