• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Secure mail.customerdomain.com with Let's Encrypt certificate with no hosting

T

tofra

New Pleskian
I have a service plan where hosting is disabled and mail is enabled. Now when I request a Let's Encrypt certifcate (with SSL It!) I only get the option to request a certificate for webmail.customerdomain.com, not for securing the mail, which the customer can reach with mail.customerdomain.com.
Another option would be that the customer uses customerdomain.com for fetching the mail, but that is not possible when the customer has his website running somewhere else (as Let's Encrypt looks for customerdomain.com for using the .well-known stuff).

I also tried using the CLI:
[root@pleskhost ~]# plesk ext sslit --certificate -issue -domain mail.customerdomain.com -registrationEmail [email protected] -secure-webmail -secure-mail
Can not find domain by name 'mail.customerdomain.com'
exit status 3

And:
[root@pleskhost ~]# plesk ext sslit --certificate -issue -domain customerdomain.com -registrationEmail [email protected] -secure-webmail -secure-mail
[2021-11-15 17:11:11.853] 3023630:6192869f97f38 ERR [extension/sslit] Unable to secure domain customerdomain.com via CLI Validation failed:
Unable to secure a mail due to configuration of the specified domain.
Validation failed:
Unable to secure a mail due to configuration of the specified domain.
exit status 3

So how could I secure the mail with the assumption the mail runs at our plesk server, and the website somewhere else?
I prefer mail.customerdomain.com, but customerdomain.com would be ok if mail.customerdomain.com is not possible

Kind regards,
Tom
 
Unfortunately, now such a scenario of securing mail without domain web hosting is not implemented. We are considering such a possibility as part of the
EXTSSLIT-1406 request, but there is no ETA of implementation at the moment.
 
The only way to do this is as follows:
- unassigned the certificate of domain.com
- reissue a new certificate on domain.com for webmail.domain.com
- create a mail.domain.com subdomain
- issue a certificate on mail.domain.com
- create a cronjob (scheduled task) to assign the mail.domain.com certificate to the mail settings of domain.com:
- /sbin/plesk bin subscription_settings -u domain.com -mail_certificate "Lets Encrypt mail.domain.com"

That should do it.


Screenshot 2024-06-25 at 15.07.57.pngScreenshot 2024-06-25 at 15.11.13.png
 
Hello,

Thank you for your reply. How should I add the subdomain? I can't select the domain without hosting. When I press the add subdomain button in Plesk.

Ty.
 
You must log in or register to reply here.

Similar threads

T
Issue Forwarded domain can't be secured
Replies
3
Views
496
TomBoB
T
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
760
mow
M
P
Issue Certificate problem in Plesk
Replies
5
Views
330
Raul A.
R
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
889
tessa67
T
Quinten
Resolved Lets Encrypt for mails server problem
Replies
2
Views
471
Quinten
Quinten
Back
Top