• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Securing mail subdomain with SSL

psxeu

psxeu

Basic Pleskian
Hi

When a new domain is created in my system (lets call it domain.com) a MX record is created saying

domain.com mx mail.domain.com

and an A record is created saying

mail.domain.com a 000.000.000.000

however the mail.domain.com is not secured by lets encrypt SSL.

So my question is:

1)
Is it wrong the way the DNS for mail is created?

2)
How do I get the mail subdomain automatically secured by lets encrypt SSL?
 
Let’s Encrypt does not currently offer “wildcard” certificates.
So you will need to be able to list all the domains you want a certificate for, you can’t (as you can with some of the pricier paid certificates) get just one that works for every possible name in your domain.

With Let’s Encrypt you’d need to issue new certificates for any new names you needed.
 
psxeu said:
How do I get the mail subdomain automatically secured by lets encrypt SSL?
Click to expand...
That is not what you want. You are asking how to use the same SMTP server for multiple domains, secure each of the outgoing SMTP mail server domains from your DNS settings with a certificate and send all mail using an individual server name instead of using the one-and-only SMTP hostname.

From experience I can only recommend to forget about it. One host = one SMTP server = one hostname for outgoing mail. You can secure that outgoing mail hostname by a certificate from the SSL/TLS configuration menu in the Tools & Settings area of Plesk. It is absolutely normal and best practice to not to have a different outgoing mail server name and different matching certificates for that in an environment that is hosting more than a single domain. In everyday use it does not matter whether a mail is sent through sdfdf.39i3kd.com or through <mydomain>.com or whatsoever, as recipients won't notice and neither care what technical hostname the mail is being sent from.
 
If you have installed the Let's Encrypt extension, you can choose your domain and in the next step choose the option:
"secure also webmail on this domain"

To secure your "mail host" please use a serverwide ssl certificate for this case.

As Peter wrote:
One host = one SMTP server = one hostname for outgoing mail.
Click to expand...
 
You must log in or register to reply here.

Similar threads

P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
760
mow
M
D
Question Renewing Let's encrypt automatically
Replies
3
Views
494
Kaspar
K
P
Issue Certificate problem in Plesk
Replies
5
Views
331
Raul A.
R
Fabian H
Question Best practice email setup
Replies
4
Views
1K
Kaspar
K
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
348
Leta
L
Back
Top