• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Problem with install Let's Encrypt SSL/TLS certificate

HungLuu

New Pleskian
Server operating system version
CentOS 7.9
Plesk version and microupdate number
v18.0.64
Hi everyone,

I have a domain hosted on Plesk. The application is hosted on scaleway server, but I’m using the mail server from the Plesk provider. When I try to install a Let’s Encrypt SSL/TLS certificate for this domain in Plesk, I get the following error:


Unable to generate SSL/TLS certificate for

Details:

Unable to generate a Let's Encrypt SSL/TLS certificate for phymep.com.

Go to http://phymep.com/.well-known/acme-challenge/YQGHfIkGhkeS367M9E-KjeFHoqQaGkIB-B51OdWZGxc and check if the authorization token is available.

If it is, request the certificate again. If the token is not available, there may be a DNS configuration issue.

In Plesk, your domain is hosted on IP address: , but the DNS challenge used a different IP:

Check that the IP addresses specified in the domain's DNS zone match the IP addresses hosting the domain.

From my research, it seems Let’s Encrypt can’t verify the domain because the server is not owned by Plesk. Is there any way to resolve this? My goal is to secure the mail server, as I receive a security warning in Thunderbird when downloading emails.

Thank you!
 
Hi,

in this case you should use the server name in the Thunderbird configuration.

For me it's not ideal, and I wish there was the posibility to secure a mail only domain with its own certificate. It's more transparent and cleaner for the clients and allows for easier future migrations.
 
You should secure the mail server with a certificate: Securing Plesk and the Mail Server With SSL/TLS Certificates
The Plesk provider informed me that the mail server is secured with a Let’s Encrypt certificate like the docs you give me. However, when I use sslshopper.com to check the certificate, it’s marked as untrusted because the common name doesn’t match the mail server name.

Is there something I’m misunderstanding about certificates for mail servers? I’m new to this, so any help to clarify would be greatly appreciated. Thank you!
 
The Plesk provider informed me that the mail server is secured with a Let’s Encrypt certificate like the docs you give me. However, when I use sslshopper.com to check the certificate, it’s marked as untrusted because the common name doesn’t match the mail server name.

Is there something I’m misunderstanding about certificates for mail servers? I’m new to this, so any help to clarify would be greatly appreciated. Thank you!
If it's the same certificate used to secure the Plesk panel, the "Server hostname" in Thunderbird is the hostname of the Plesk server.
 
Back
Top