• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Securing mail subdomain with SSL

psxeu

Basic Pleskian
Hi

When a new domain is created in my system (lets call it domain.com) a MX record is created saying

domain.com mx mail.domain.com

and an A record is created saying

mail.domain.com a 000.000.000.000

however the mail.domain.com is not secured by lets encrypt SSL.

So my question is:

1)
Is it wrong the way the DNS for mail is created?

2)
How do I get the mail subdomain automatically secured by lets encrypt SSL?
 
Let’s Encrypt does not currently offer “wildcard” certificates.
So you will need to be able to list all the domains you want a certificate for, you can’t (as you can with some of the pricier paid certificates) get just one that works for every possible name in your domain.

With Let’s Encrypt you’d need to issue new certificates for any new names you needed.
 
How do I get the mail subdomain automatically secured by lets encrypt SSL?
That is not what you want. You are asking how to use the same SMTP server for multiple domains, secure each of the outgoing SMTP mail server domains from your DNS settings with a certificate and send all mail using an individual server name instead of using the one-and-only SMTP hostname.

From experience I can only recommend to forget about it. One host = one SMTP server = one hostname for outgoing mail. You can secure that outgoing mail hostname by a certificate from the SSL/TLS configuration menu in the Tools & Settings area of Plesk. It is absolutely normal and best practice to not to have a different outgoing mail server name and different matching certificates for that in an environment that is hosting more than a single domain. In everyday use it does not matter whether a mail is sent through sdfdf.39i3kd.com or through <mydomain>.com or whatsoever, as recipients won't notice and neither care what technical hostname the mail is being sent from.
 
If you have installed the Let's Encrypt extension, you can choose your domain and in the next step choose the option:
"secure also webmail on this domain"

To secure your "mail host" please use a serverwide ssl certificate for this case.

As Peter wrote:
One host = one SMTP server = one hostname for outgoing mail.
 
Back
Top