Issue Plesk serves expired Mail certificates despite updated ones being installed

[Jay Versluis]

Hello all,

I have a rather weird issue with securing mail on a Plesk Onyx system. Recently, my mail certificates expired. So I thought, time to renew it. At first I tried doing this with the same CSR as before, just getting a new certificate and replacing it in Plesk, leaving the CA certs alone. But to my surprise, Plesk was still serving the expired certificates instead.

No problem, I created a new certificate, and got my cert re-issued using the new CSR, then chose the new certificate to secure mail with it. Restarted the server. Now we should definitely see the updated certs, right?

Sadly no - Plesk is STILL serving my old expired mail certificate. What's going on? Where do I go from here? What do I check next, and is there something like a script I can run to make Plesk refresh the mail certificates? If you need further info, lease let me know.

My specs are Plesk Onyx 17.5.3 #22, running on CentOS 7.4.1708.

Any help appreciated!

 

[UFHH01]

Hi Jay Versluis,

the CSR itself is not used to secure your mail - server, instead the "key", "cert" and "ca" is used, as you might have noticed, when inspecting for example: /etc/postfix/main.cf .

then chose the new certificate to secure mail with it

Could you provide the step-by-step procedure, so that we might be able to point you to ( possible ) inadequacies?

What do I check next, and is there something like a script I can run to make Plesk refresh the mail certificates?

Plesk comes with the "Plesk Repair Utility", with which you have the choice to repair mail - settings.

=> Plesk Repair Utility: Mail​

Pls. check as well, that the corresonding certificate ( for example "/etc/postfix/postfix.pem" ) should have been edited with the new certificate parts.