Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)

[Chucky_213123]

Server operating system version

CentOS Linux 7.9.2009

Plesk version and microupdate number

Plesk Obsidian 18.0.66 Update #2

Hi all,

I have Letsencrypt SSL certs installed for all of my domains (7 in total), and everything works fine from the web side of things.

Two, for example are

urizenmedia.com
jewellerymentor.com.au

For email though, all domains report the SSL as invalid.

Using www.sslshopper.com/ssl-checker.html to check the state of things, www.urizenmedia.com or www.jewellerymentor.com.au work fine.

When checking mail.jewellerymentor.com.au though, mail clients report the cert is invalid, and the ssl check tool reports the server common name as urizenmedia.com.

Even for the domain urizenmedia.com itself, it reports the same error. This is the case for all 7 domains.

I've checked the obvious things.

Under Domain > Dashboard > SSL > mail access is secured with LetsEnrypt.

Under Domain > Mail > Mail settings > the "SSL certificate for mail" is selected to 'Lets Encrypt jewellerymentor.com.au' and so on.

All the domains have their correct cert applied.

I'm just lost how/where they are getting urizenmedia.com as the common name. This wasn't even the first domain that was added to the server.

What am I missing?

Thanks in advance

 

[scsa20]

Try re-issuing the certificate choosing to use a wildcard instead and see what happens.

 

[psxeu]

It seems a bit like my issue:

I have just installed Plesk 18.0.67 (Almalinux 9). I have set the mail server to ” Send from the specified IP addresses” where I have specified an IP4 and IP6 address.

At the moment the server hosts 3 domains. Each domain has a mail.domain.tld A and AAAA record which points to the above mentioned IP addresses. If I visit this address in a browser I get a warning about the SSL certificate (I am using Lets Encrypt). The certificate is issued to the server: servername.otherdomain.tld and not to mail.domain.tld

I was wondering if I had set it up wrong

 

[Kaspar]

Secured mail connections on mail.<domain.tld> aren't supported by Plesk. Instead you can use either the second level domain (example.com) or the server host name for secured mail connections.

 

[Chucky_213123]

Secured mail connections on mail.<domain.tld> aren't supported by Plesk.

I see now that "mail access" being secured doesn't include mail.domain.tld.

Just imap.domain.ltd, etc.

Seems like a strange omission, but oh well.

Instead you can use either the second level domain (example.com) or the server host name for secured mail connections.

Installing a wildcard SSL as @scsa20 suggested resolved it in the end.

Thanks all.