• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Plesk + Lets Encrypt + iOS/MacOS Cert Issue -- Need Input

bradz

Regular Pleskian
Related Posts:
talk.plesk.com post-8525
support.plesk.com article 115004756974

iOS/MacOS can be set up to use mail and cert trusted in a shared IP hosting environment. However after cert is renewed after 3 months for better security, iOS/MacOS mail stops workings and puts up warnings message about cert every 5 seconds with no way to trust cert. To stop the warning popups, one must either, turn off mail account, disable SSL, or delete account / re-setup (Repeat in 3 months).

As a Mac user, I was able to escalate this to an engineer level who stated this was by design.

Is this approach valid and supported for security concerns?

MY POINT OF VIEW:
With the device using a valid DNS server, iOS/MacOS is able to lookup
- Client Domain Name, Shared IP & Primary Domain Name
- SSL Cert associated with Share IP/Primary Domain Name
- SSL Cert associated with Client Domain Name

I feel the device should make a better analysis, give the user more details and allow the user to trust or let the device trust by default.

I also feel that security is a gradient vs on/off. The user should be aware of this and decide needed level based on usage.

I do not see why a Cert Renewal should disable the Mail.

As a Plesk Admin/Email Provider, I keep getting support calls from other iOS/MacOS users.

Your thoughts Please! What am I missing? Am I wrong and why?
Thanks,
Brad
 
After More Testing with an IOS Support agent,
After the Cert renews and mail stops working, one can turn off SSL, click done, go to mail, go back to settings, turn On SSL, THEN the CONTINUE option is available (CONTINUE trusts the Cert).
I will be monitoring to see if this will again happen next time the Cert renews.
Please post any details which will be helpful to report back to IOS Support agent.
 
Back
Top