Issue Plesk Mail With Android Gmail

[Sn M]

Hi, it seems that we're having issues setting up Plesk mail to work with Android Gmail because Gmail detects that the mail server hostname is different than the mail domain. I tried finding a fix on Google but with no luck. Outlook mail on Android works just fine so it seems to be a Gmail strict security policy issue.

Please check the attached image for the error received. When clicking advance a different error comes up: "Certificate subject and hostname mismatch" that doesn't let us proceed to the next step.

Our Plesk mail server uses a different domain SSL certificate than the domain we are trying to set up with Gmail so this is causing an issue. What can we do to be able to use Android Gmail with Plesk mail? Thank you in advance.

 

[Faris Raouf]

This must be something new on the Gmail side. I've never seen this error before. Normally Gmail is happy no matter what certificate is configured on the Plesk email server side.

It is easy enough to deal with, so don't worry.

When an email client (program, app, or Gmail as an email client in this case) connects to a mailserver using TLS, it looks at the certificate that the mailserver is configured to use, and checks to see if it matches the address entered for the pop3/imap/smtp server address. If it does not match, or if the certificate is invalid in any way, you get an error message about an invalid or mismatching certificate, which is what seems to be happening in your case.

You need to keep in mind that Postfix, which is the default email server in Plesk on Linux, can only be configured to use one SSL certificate. You choose which certificate this is in Tools & Settings > SSL/TLS certificates.

If your Plesk server hostname is plesk.your-domain.tld and you have a TLS certificate for it (either purchased or Lets Encrypt), then you can tell Plesk to use that certificate for email. Then. when you configure Gmail to collect email, you enter plesk.your-domain.tld as the pop3/imap/smtp server address. It does not matter that the email username may be [email protected] -- that doesn't come into the SSL/TLS equation at all in any way.

An alternative to useing plesk.you-domain.tld would be if you have a domain set up like your-hosting-company-name.tld and you have a certificate for that. In that case you can use that for the email certificate, and enter your-hosting-company-name.tld as the pop3/imap/smtp address.

The crucial thing, in a nutshell, is to make sure the SSL/TLS certificate you tell Plesk to use, and the pop3/imap/smtp server address you enter in Gmail (or any email client or all) match.

It is not necessary for the pop3/imap/smtp server address to match the email address/username in any way. Nor does Gmail or any email client/app care what domain is used in the username. Indeed, the username is simply a username, and the fact that it contains a domain is unimportant.

All that's required is for whatever address you enter for the pop3/imap/smtp server address to point to your plesk server, and for the ssl/tls certificate configured in plesk to cover that address.

Note that if you have resellers who don't want to tell their customers to enter a pop3/imap/smtp server address involving a third party company name, you can always register a generic domain like my-generic-email-server.tld, set it up in plesk to get a certificate for it, set plesk to use that certificate for email, and then tell everything (and Gmail) to use that domain as the pop3/imap/smtp server address.

 

[Sn M]

Hi Faris, thank you for your input. The issue is Gmail doesn't even allow us to get to that page! We're still stuck on the enter an email address page. What you're solution is describing would require us to input those settings on the next page which we can't reach.