• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Secure mail.customerdomain.com with Let's Encrypt certificate with no hosting

tofra

New Pleskian
I have a service plan where hosting is disabled and mail is enabled. Now when I request a Let's Encrypt certifcate (with SSL It!) I only get the option to request a certificate for webmail.customerdomain.com, not for securing the mail, which the customer can reach with mail.customerdomain.com.
Another option would be that the customer uses customerdomain.com for fetching the mail, but that is not possible when the customer has his website running somewhere else (as Let's Encrypt looks for customerdomain.com for using the .well-known stuff).

I also tried using the CLI:
[root@pleskhost ~]# plesk ext sslit --certificate -issue -domain mail.customerdomain.com -registrationEmail [email protected] -secure-webmail -secure-mail
Can not find domain by name 'mail.customerdomain.com'
exit status 3

And:
[root@pleskhost ~]# plesk ext sslit --certificate -issue -domain customerdomain.com -registrationEmail [email protected] -secure-webmail -secure-mail
[2021-11-15 17:11:11.853] 3023630:6192869f97f38 ERR [extension/sslit] Unable to secure domain customerdomain.com via CLI Validation failed:
Unable to secure a mail due to configuration of the specified domain.
Validation failed:
Unable to secure a mail due to configuration of the specified domain.
exit status 3

So how could I secure the mail with the assumption the mail runs at our plesk server, and the website somewhere else?
I prefer mail.customerdomain.com, but customerdomain.com would be ok if mail.customerdomain.com is not possible

Kind regards,
Tom
 
Unfortunately, now such a scenario of securing mail without domain web hosting is not implemented. We are considering such a possibility as part of the
EXTSSLIT-1406 request, but there is no ETA of implementation at the moment.
 
The only way to do this is as follows:
- unassigned the certificate of domain.com
- reissue a new certificate on domain.com for webmail.domain.com
- create a mail.domain.com subdomain
- issue a certificate on mail.domain.com
- create a cronjob (scheduled task) to assign the mail.domain.com certificate to the mail settings of domain.com:
- /sbin/plesk bin subscription_settings -u domain.com -mail_certificate "Lets Encrypt mail.domain.com"

That should do it.


Screenshot 2024-06-25 at 15.07.57.pngScreenshot 2024-06-25 at 15.11.13.png
 
Hello,

Thank you for your reply. How should I add the subdomain? I can't select the domain without hosting. When I press the add subdomain button in Plesk.

Ty.
 
Back
Top