• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Problem with install Let's Encrypt SSL/TLS certificate

H

HungLuu

New Pleskian
Server operating system version
CentOS 7.9
Plesk version and microupdate number
v18.0.64
Hi everyone,

I have a domain hosted on Plesk. The application is hosted on scaleway server, but I’m using the mail server from the Plesk provider. When I try to install a Let’s Encrypt SSL/TLS certificate for this domain in Plesk, I get the following error:

Unable to generate SSL/TLS certificate for

Details:

Unable to generate a Let's Encrypt SSL/TLS certificate for phymep.com.

Go to http://phymep.com/.well-known/acme-challenge/YQGHfIkGhkeS367M9E-KjeFHoqQaGkIB-B51OdWZGxc and check if the authorization token is available.

If it is, request the certificate again. If the token is not available, there may be a DNS configuration issue.

In Plesk, your domain is hosted on IP address: , but the DNS challenge used a different IP:

Check that the IP addresses specified in the domain's DNS zone match the IP addresses hosting the domain.
Click to expand...
From my research, it seems Let’s Encrypt can’t verify the domain because the server is not owned by Plesk. Is there any way to resolve this? My goal is to secure the mail server, as I receive a security warning in Thunderbird when downloading emails.

Thank you!
 
Hi,

in this case you should use the server name in the Thunderbird configuration.

For me it's not ideal, and I wish there was the posibility to secure a mail only domain with its own certificate. It's more transparent and cleaner for the clients and allows for easier future migrations.
 
You should secure the mail server with a certificate: Securing Plesk and the Mail Server With SSL/TLS Certificates
Click to expand...
The Plesk provider informed me that the mail server is secured with a Let’s Encrypt certificate like the docs you give me. However, when I use sslshopper.com to check the certificate, it’s marked as untrusted because the common name doesn’t match the mail server name.

Is there something I’m misunderstanding about certificates for mail servers? I’m new to this, so any help to clarify would be greatly appreciated. Thank you!
 
HungLuu said:
The Plesk provider informed me that the mail server is secured with a Let’s Encrypt certificate like the docs you give me. However, when I use sslshopper.com to check the certificate, it’s marked as untrusted because the common name doesn’t match the mail server name.

Is there something I’m misunderstanding about certificates for mail servers? I’m new to this, so any help to clarify would be greatly appreciated. Thank you!
Click to expand...
If it's the same certificate used to secure the Plesk panel, the "Server hostname" in Thunderbird is the hostname of the Plesk server.
 
You must log in or register to reply here.

Similar threads

M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
299
mendip_discovery
M
D
Question Renewing Let's encrypt automatically
Replies
3
Views
519
Kaspar
K
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
782
mow
M
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
928
tessa67
T
jradzuweit
Resolved How to update Let'S Encrypt certificate with SSL It!
Replies
4
Views
332
jradzuweit
jradzuweit
Back
Top