defcon8
New Pleskian
- Server operating system version
- Debian 11
- Plesk version and microupdate number
- 18.0.62 Update #1 Web Host Edition
We currently have a big problem. Whenever I check the SSL validity of my SMTP server, it says expired:
>openssl s_client -connect srv002.xxxxxx:465
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = srv002.xxxxxx.com
verify error:num=10:certificate has expired
notAfter=May 9 12:42:08 2024 GMT
verify return:1
depth=0 CN = srv002.xxxxxx.com
notAfter=May 9 12:42:08 2024 GMT
verify return:1
---
Certificate chain
0 s:CN = srv002.xxxxxx.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
If I go to the Plesk > Tools & Settings > SSL / TLS Certificates there is a Lets Encrypt certificate assigned. This certificate is running fine for the HTTP/HTTPS access, but somehow is not applied to the mailserver. I even re-issued the certificate, doesn't make any difference.
Whenever I go to /etc/dovecot/private, there are 2 files:
dovecot.pem: which seem to contain the expired certificate (Common Name: srv002.xxxxxx.com, Valid To: May 09,2024, Issuer: Let's Encrypt)
ssl-cert-and-key.pem; which seem to contain a placeholder certificate by my Plesk supplier (Common Name: placeholder.transip.us, Valid to: Feb 06,2034, Issuer: Unknown)
Seems like Plesk does not update the files?
>openssl s_client -connect srv002.xxxxxx:465
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = srv002.xxxxxx.com
verify error:num=10:certificate has expired
notAfter=May 9 12:42:08 2024 GMT
verify return:1
depth=0 CN = srv002.xxxxxx.com
notAfter=May 9 12:42:08 2024 GMT
verify return:1
---
Certificate chain
0 s:CN = srv002.xxxxxx.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
If I go to the Plesk > Tools & Settings > SSL / TLS Certificates there is a Lets Encrypt certificate assigned. This certificate is running fine for the HTTP/HTTPS access, but somehow is not applied to the mailserver. I even re-issued the certificate, doesn't make any difference.
Whenever I go to /etc/dovecot/private, there are 2 files:
dovecot.pem: which seem to contain the expired certificate (Common Name: srv002.xxxxxx.com, Valid To: May 09,2024, Issuer: Let's Encrypt)
ssl-cert-and-key.pem; which seem to contain a placeholder certificate by my Plesk supplier (Common Name: placeholder.transip.us, Valid to: Feb 06,2034, Issuer: Unknown)
Seems like Plesk does not update the files?