• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Plesk + Lets Encrypt + iPhone trusting cert

It is possible to combine many different domain names into the same Let's Encrypt certificate, but it is not possible to use it that way in Plesk for the hostname and a domain name without manual intervention on the file level.
 
thanks Peter,
so...
1) is this easy to manually do? add the 2 domains at the file level? can you show me? :)

2) also confirming this:
when using Plesk Panel --- the plesk email server is at host.domain.com => the standard config?
and all clients are at domain.com => again, standard config.

Then ALL email on Plesk panel is sent from host.domain.com and NOT from each client domain, right?

meaning, the email server is NOT on each client domain, correct?
 
ultimately in the OP, does everyone hosting email and using Lets Encrypt on Plesk have the same issue with iPhone Emails?
or am I just special :(
 
It is easy when you use a script like "certbot". Please see Certbot and the documentation there. However, I have never tested how this works with Plesk. I am sure you should never us the automatic web server configuration file changes ... But with "certbot certonly" command, it might work.

The SMTP server is sending from host.domain.com, not from the client domain.
 
There is no issue with iPhones. The only issue is that Apple users normally don't know how to operate their own devices and can only work with "assistants" on them. But the moment when they are required to enter configuration data like the correct host name themselves they frequently experience problems :D It is really an interesting thing to see. I can say that at least 9 out of 10 support requests that we are getting for e-mail setup are coming from Apple users. Not because their software would not work with Plesk or servers in general, but because they are not used to having to do real configuration work. As Plesk does not have an autoconfigure XML file in place, the phones won't pick up the correct configuraton data automatically.
 
thanks for the info... however

the people at
Plesk Onyx + lets encrypt + iphone (lack of trust button)

are saying its a Plesk issue on how it handles (doesn't handle) the SNI.

1) from above the "certbot", it is saying to use the plesk / lets encrypt extension, which I do have installed. But I don't see how it allows 2 domains on 1 cert?
2) from the letsencrypt form, mail server cert (ie. host.servername.com) and client domain cert (domain.com) are not working together.
as in client host settings are domain.com BUT the mail is served from host.servername.com. Then the trust is NOT there because using client domain but email coming from another domain.
3) now in theory, if my clients used host.servername.com as in the incoming/outgoing settings on the email client... that should work, BUT then I lose features/benefits on email reporting.
I have a 3rd party mail filter and reporting would then be grouped ALL email under 1 domain. => not good.


PS. about iphone email, if 9 out of 10 people are having troubles... its an iphone problem. I will say, the iphone email settings are VERY confusing, multiple screens, catch 22s... I mean, there is a specific process just to delete an email account and the stmp server. There are 3 screens that have the user/password on it. 3 different screens. Is apple trying to make it hard? Point blank - android email is simple and it works. iphone can't even put a check box to trust a cert
 
larryk said:
ultimately in the OP, does everyone hosting email and using Lets Encrypt on Plesk have the same issue with iPhone Emails? or am I just special :(
Click to expand...
FWIW We use Let's Encrypt *Wildcard Certificates on both the host.domain.com and lots of individual domains. In our case, they all share the same IP address. We don't use Certbot and we don't use the Plesk Let's Encrypt extension because, there's a bit more work to be done on it yet, for use with *Wildcard Certificates, but non *Wildcard Certificates are fine using the Plesk extension. We use THIS provider so it's more of a manual process, but it's simple, easy and works everytime without any problems for us. *Wildcard Certificates renewals need careful organising though, as they are also still a manual process, not automatic.

Perhaps most relevant to your post, is that we don't have any issues with any mail clients that are being used, including many iPhone users. That maybe down to how mail is setup within Plesk in terms of Server Settings and Mail Settings and the various choices that are available within there though, but certificates have never been an issue with mail for us.

We're guessing, but are reasonably sure it's correct, that if, you have a separate IP address for each domain (including a separate IP address for host.domain.com) then the plus side is that the whole thing becomes very easy by comparison. The minus side being, that there's a lot more (repetitive) initial setup work to do, especially if you have many domains...Can't comment more than that, as we're currently moving everything over to a new Ubuntu 18.04.1 / Plesk 17.8.11 server setup, but we're not anticipating any Plesk mail problems on that either, to be fair
 
eeeekkk!!!
so it appears there are many "catch 22s" that are involved. and yes EVERYTHING has pros/cons... except you don't' learn of them UNTIL you use them :(
which means, AFTER THE FACT.

FYI.
Chief of Unicorns
Learning_Curve

awesome names!!!! :) and thanks for replying!

anyway, it seems for me with the existing software I have, etc. etc.
I will buy a 2 year SSL license and put that on my mail server domain. so that my clients, even the ones with iphones... they will need to redo their iphone settings 1 more time
but not have to touch it for 2 years :)

= it would be nice if Plesk allowed my situation to work with the Lets Encrypt extension, but that seems months or years down the line?
= maybe apple will add the trust check box for iphone users = but since it doesn't already exist, it seems like it will NOT happen.
 
larryk said:
I will buy a 2 year SSL license and put that on my mail server domain. so that my clients, even the ones with iphones... they will need to redo their iphone settings 1 more time, but not have to touch it for 2 years :)
Click to expand...
:D:D:D Looks like all those Apple FanBoys won't be sending you an Xmas card then? :rolleyes:

None of the IOS / Mac OS / Android / Windows / Ubuntu etc users have ever needed to "...touch it..." (well so far anyway / after several renewals) once any of the FREE Let's Encrypt Certificates have been renewed... on any of the domains that we have. Just saying ;) but yes, YMMV of course
 
question???

attached is the SSL tab in plesk:
does something look odd/strange on it?

ssl.jpg

fyi. i bought the 2 year ssl and was going to add it to the cert for securing mail....
when it dawned on me... Why does the LE cert have zero used domains?
 
You must log in or register to reply here.

Similar threads

N
Issue Plesk Hostingpanel SSL Certificate Appearing in SSL Test for My Domain
Replies
0
Views
133
nmrtec
N
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
1K
tessa67
T
D
Question Renewing Let's encrypt automatically
Replies
3
Views
571
Kaspar
K
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
412
HungLuu
H
J
Question Let's Encrypt coming from cPanel to Plesk
Replies
3
Views
1K
Kaspar@Plesk
Kaspar@Plesk
Back
Top