
shared hosting environ, multiple domains each their own mail SSL

TomBoB

Regular Pleskian
Hi,

CentOS 6.7, Plesk 12.0.18, latest MU

Background: shared hosting environment, multiple domains. Courier/IMAP and Postfix as mail servers.
Was investigating to have each domain have its own mail server security certificate.

example:
abc.com has mail.abc.com subdomain for use as mail server. Client would like his/her own cert for mail.abc.com for mail connections.
xyz.com has mail.xyz.com subdomain for use as mail server. Client would also like to have his/her own cert for mail.xyz.com for mail connections.

From what I read on forum and the KB articles, it seems at present Plesk allows only one cert for each mail service per IP, not per domain on an IP.

Can anyone confirm? Or did I miss some stuff?

--
Reason for all the digging was the intended integration of letsencrypt; whether manually, or as built-in Plesk feature. With the added advantage of
https://community.letsencrypt.org/t/use-on-non-web-servers/425/2
statement:
"
Just in case people reading this thread aren't familiar with the key usage concept, the Let's Encrypt certs are indeed intended to be used with POP, IMAP, and SMTP servers and should work fine for these applications.

The applications that are forbidden by the EKU policies are other non-TLS uses such as code signing.

Hopefully the Let's Encrypt client will eventually even have built-in functionality to help you automatically install certs into servers for other Internet protocols, like IMAP servers.

"
 
Hi TomBoB,

first of all, you should be informed, that Odin will never support ALPHA - or BETA - software at all - which is quite reasonable, because no one wants to invest time and money in a project, that might never leave development - status. Before an official launch ( General availability: Week of November 16, 2015 , please see: https://letsencrypt.org/2015/08/07/updated-lets-encrypt-launch-schedule.html ) it is fairly unusual, that Odin even thinks about possible implementation into Plesk.

A second issue, which is far more interesting, is the fact, that their issuance policies are based on U.S. laws and regulations:
We are not planning to restrict issuance to any countries/ccTLDs as a whole. We will, however, be restricting issuance to various government owned and operated domains for the following five countries:
  • Iran
  • Sudan
  • North Korea
  • Cuba
  • Syria
This policy is based on an analysis of applicable U.S. laws and regulations with our legal team. We reserve the right to change this policy at any time to comply with applicable U.S. laws and regulations.
Well, sorry to say that..... but U.S. laws and regulations don't rule the whole world, nor do they rule the world wide web. Restrictions which result in exclusions of entire countries, for whatever reasons, are absolutely not acceptable. If I would like to be restricted, I could as well use a self-signed certificate.
Another reason, why "Let's encrypt" might never be trusted and accepted all over the world is the fact, that the whole project is U.S. - based. Why are there no European, Asian or Russian companies involved, or sponsoring this project?


You are always welcome to vote for features and you can describe, why it is necessary for you or/and your business, but Odin decides completely on its own, if a feature vote might leave the "suggestion status" :

https://plesk.uservoice.com/forums/...stions/7067777-free-ssl-project-let-s-encrypt
 
Hi UFHH01,

thanks for getting back so quickly. Interesting reading about the issuance policies! Never really bothered with those in detail in the past.

Do understand about the issues regarding letsencrypt - and have already a long while back given them my +3 votes :)

Main question I was trying to bring across was:
Can different domains in a shared hosting environment each have their own SSL cert for mail services (Courier/IMAP, Postfix)?
From what I read on forum and the KB articles, it seems at present Plesk allows only one cert for each mail service per IP [the whole server], not per each domain on an IP.

Greetings from Neuenkirchen, Westfalen; but living in Botswana, Africa for 15+ years :)
 
Hi TomBoB,

Allowance of multiple certificates for SSL - connections per IP can only be achieved with a "SAN certificate" ( "SAN" = Subject Alternate Name ), this is not a configuration question ( and no Plesk restriction ), it's because SSL communication is performed BEFORE TCP communication.
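The SAN approach named in the post above, as an added example that is not part of the original thread: a check of which hosted mail hostnames a single per-IP certificate covers, so an admin can see which customers' mail clients would get a name-mismatch warning. It goes slightly beyond the post by also handling wildcard SAN entries; the function names, SAN lists and `imap.mail.xyz.com` are constructed for illustration.

```python
# Added example: audit which mail hostnames one per-IP certificate covers.
# All SAN lists and hostnames below are constructed sample data.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """RFC 6125-style match: case-insensitive; a wildcard is accepted only as
    the entire leftmost label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards ("m*.abc.com") are rejected outright.
    return "*" not in pattern and p == h

def audit_mail_cert(san_dns_names, mail_hostnames):
    """Map each mail hostname to the SAN entry that covers it, or None."""
    return {
        host: next((s for s in san_dns_names if san_matches(s, host)), None)
        for host in mail_hostnames
    }

def uncovered(san_dns_names, mail_hostnames):
    """Hostnames whose clients would see a certificate name mismatch."""
    report = audit_mail_cert(san_dns_names, mail_hostnames)
    return sorted(h for h, san in report.items() if san is None)

# Constructed: a cert issued for one customer only, and a SAN cert for both.
SINGLE_NAME_CERT = ["mail.abc.com"]
SAN_CERT = ["mail.abc.com", "*.xyz.com"]
HOSTED = ["mail.abc.com", "mail.xyz.com", "imap.mail.xyz.com"]

if __name__ == "__main__":
    for label, sans in (("single-name", SINGLE_NAME_CERT), ("SAN", SAN_CERT)):
        print(label, "cert leaves uncovered:", uncovered(sans, HOSTED))
```

The dNSName list of a real certificate can be read with `openssl x509 -noout -text` and passed in as `san_dns_names`.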
 