• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Plesk mail on iphone with cert problems

A

Alex Cote

New Pleskian
Im having problems with the free certs generated by plesk. They are not updating after expiration and my clients iphones not updating with the new cert info.
Gets anoying as hell to have to reinstall the mail accounts every 3 months.

What do I need to do to fix this issue?
 
Some Apple mail installations are not able to handle a renewal of Let's Encrypt certificates. When a certificate is renewed, the devices think, it is a brand new certificate, not a renewal of the existing certificate. That is why they do not accept these certificates. It is a known Apple bug that has been a round since Let's Encrypt became popular. Last thing that I remember was that you need to update the device's operating system and mail app to solve the issue.
 
Same cert expires and I have to delete the account and reinstall it to get to work. If not it just gets stuck with the old expired cert. pop-up comes up to renew and it doesnt change.
 
So the issue is not that the iPhone or Thunderbird don't accept a re-issued cert, but your issue is that the cert itself is not automatically updated and you have to update the cert manually in Plesk. Is that so?
 
Are you using the "SSLit!" extension to maintain your certificates? If not, can you switch to it, because it is a requirement for some configurations.
Are you using SNI? Are you using wildcard certificates? In the past there have been reports where in both cases certificates cannot be auto-re-issued.
 
SNI: When you create or reissue a certificate you can determine what components shall be included in the certificate. For example you can add the "Mail access". In the "Mail Settings" you will also need to select the certificate from the "SSL/TLS certificate for mail" if you do not use the host name for your mail program.

I am only asking to narrow down the certificate issue. It is not really directly linked to this, but you need to be very exact what cert you have where and how you use it. Also, when the cert does not renew, you should get an error message why it does not automatically renew. Have you seen such an error message, e.g. in an email notification?

Normally, when a cert cannot be auto-renewed, the cause is a faulty DNS record of the domain. Are you using the Plesk DNS system or is your DNS external? Are you using cloudflare for example that might block a request from Let's Encrypt to your server? Is your DNS configured correctly so that only a single IP is listed for the domain and not multiple IPs that might not be correct? Are you using IPv6 or IPv4 only?


sni.jpg
 
Nah thats not it. Im still using the plesk lets encrypt cert. So shouldnt be a problem.
And my DNS entry is opened. Not filtered.
 
But you do get an error message when a cert renewal fails? What exactly does it say?

If you have not received it by mail, you can look into /var/log/plesk/panel.log. All renewal errors are logged there, no debug mode necessary. Can you provide the error message here (with redacted domain and IP)?
 
Issue is back after the cert expiring last night. I get the not trusted on all apple devices. And cant event press to get it accpet the renewal.
 
Is there a better way to get this solved. ? buy a 1 year SSL? I dont care about the site since I use cloudflare. I only care about the emails.
 
You must log in or register to reply here.

Similar threads

zwankie
Question Also allow non-SSL SMTP Connections
Replies
2
Views
1K
zwankie
zwankie
carlsson
Question Script to install mail account on Apple Mail
Replies
3
Views
400
austriadesign
austriadesign
marvin
Issue Plesk-hosted Email down
Replies
7
Views
935
Peter Debik
P
O
Question iOS 17 beta - unable to fetch IMAP mails - Plesk workaround?
Replies
2
Views
2K
MarkM
MarkM
M
Resolved Cannot install or retrieve license key
2
Replies
22
Views
10K
mazo0012
M
Back
Top