Question Secure mail.customerdomain.com with Let's Encrypt certificate with no hosting

[tofra]

I have a service plan where hosting is disabled and mail is enabled. Now when I request a Let's Encrypt certifcate (with SSL It!) I only get the option to request a certificate for webmail.customerdomain.com, not for securing the mail, which the customer can reach with mail.customerdomain.com.
Another option would be that the customer uses customerdomain.com for fetching the mail, but that is not possible when the customer has his website running somewhere else (as Let's Encrypt looks for customerdomain.com for using the .well-known stuff).

I also tried using the CLI:
[root@pleskhost ~]# plesk ext sslit --certificate -issue -domain mail.customerdomain.com -registrationEmail [email protected] -secure-webmail -secure-mail
Can not find domain by name 'mail.customerdomain.com'
exit status 3

And:
[root@pleskhost ~]# plesk ext sslit --certificate -issue -domain customerdomain.com -registrationEmail [email protected] -secure-webmail -secure-mail
[2021-11-15 17:11:11.853] 3023630:6192869f97f38 ERR [extension/sslit] Unable to secure domain customerdomain.com via CLI Validation failed:
Unable to secure a mail due to configuration of the specified domain.
Validation failed:
Unable to secure a mail due to configuration of the specified domain.
exit status 3

So how could I secure the mail with the assumption the mail runs at our plesk server, and the website somewhere else?
I prefer mail.customerdomain.com, but customerdomain.com would be ok if mail.customerdomain.com is not possible

Kind regards,
Tom

 

[IgorG]

Unfortunately, now such a scenario of securing mail without domain web hosting is not implemented. We are considering such a possibility as part of the
EXTSSLIT-1406 request, but there is no ETA of implementation at the moment.