• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Resolved plesks mail server cert will not update

T

TomBoB

Silver Pleskian
mail server cert seems to be stuck on the default parallels cert. and cannot be updated.

Done hte tools & settings , etc as per https://support.plesk.com/hc/en-us/articles/115000179934 which shows it SHOULD use the lets encrypt cert. however it is still on parallels default.

Tried to set the mail servers cert as per How to secure Plesk and mail server with Let's Encrypt certificate via CLI? and that didn't help either.

email clients stilll are served the default parallels cert.
And a
Code: 
openssl s_client -showcerts -connect proper.hostname.com:995

still results in
Code: 
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = [email protected]
verify error:num=10:certificate has expired
notAfter=Dec  1 12:04:42 2016 GMT
verify return:1
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = [email protected]
notAfter=Dec  1 12:04:42 2016 GMT
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/[email protected]
   i:/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/[email protected]

any idea what else I can try to get Plesks mail server recognise the proper cert instead the original; default?

Cheers,
Tom
 
Please check your panel.ini file if it contains

[ext-letsencrypt]
key-algorithm = ECDSA
ecdsa-curve-name = prime256v1 ; can be omitted

The ECDSA certificates cannot be handled by the mail certificate setting. You need to remove ECDSA algorithm, then re-generate the certificate. It will then work again.
 
Hi Peter,

you're a star! Nailed it! Thanks for the help!!

I actually read the lets encrypt extension forum which makes it quite clear - however being down with Hepatitis A, I forgot it as quickly as I read it...

A big thanks again,
Tom
 
You must log in or register to reply here.

Similar threads

F
Issue Let's encrypt ssl trouble mailserver
Replies
1
Views
1K
flint
F
M
Issue Plesk showing Cloudflare Origin CA cert, but server still serving Google Trust cert
Replies
3
Views
6K
mauricekindermann
M
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
3K
defcon8
defcon8
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
3K
flederwiesel
flederwiesel
C
Question Strange SNI (?) issue related to IPv6 (?)
Replies
2
Views
4K
Carbon Dioxide
C
Back
Top