• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue SMTP SSL Certificate Expired

defcon8

defcon8

New Pleskian
Server operating system version
Debian 11
Plesk version and microupdate number
18.0.62 Update #1 Web Host Edition
We currently have a big problem. Whenever I check the SSL validity of my SMTP server, it says expired:

>openssl s_client -connect srv002.xxxxxx:465

CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = srv002.xxxxxx.com
verify error:num=10:certificate has expired
notAfter=May 9 12:42:08 2024 GMT
verify return:1
depth=0 CN = srv002.xxxxxx.com
notAfter=May 9 12:42:08 2024 GMT
verify return:1
---
Certificate chain
0 s:CN = srv002.xxxxxx.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1

If I go to the Plesk > Tools & Settings > SSL / TLS Certificates there is a Lets Encrypt certificate assigned. This certificate is running fine for the HTTP/HTTPS access, but somehow is not applied to the mailserver. I even re-issued the certificate, doesn't make any difference.

Whenever I go to /etc/dovecot/private, there are 2 files:
dovecot.pem: which seem to contain the expired certificate (Common Name: srv002.xxxxxx.com, Valid To: May 09,2024, Issuer: Let's Encrypt)
ssl-cert-and-key.pem; which seem to contain a placeholder certificate by my Plesk supplier (Common Name: placeholder.transip.us, Valid to: Feb 06,2034, Issuer: Unknown)

Seems like Plesk does not update the files?
 
Make sure "Certificate for securing mail" has the proper certificate selected if you're trying to apply it at the overall server level of things. If you have the subdomain added as a domain (under the domains section) then you'll need to apply the certificate under there instead (Domains > domain in question > Mail tab > Mail Settings > SSL/TLS certificate for webmail and/or SSL/TLS certificate for mail)
 
scsa20 said:
Make sure "Certificate for securing mail" has the proper certificate selected if you're trying to apply it at the overall server level of things. If you have the subdomain added as a domain (under the domains section) then you'll need to apply the certificate under there instead (Domains > domain in question > Mail tab > Mail Settings > SSL/TLS certificate for webmail and/or SSL/TLS certificate for mail)
Click to expand...
Thanks for your help. I think the wrong certificate was selected, at least the "Certificate for securing Plesk" was set to a different one then "Certificate for securing mail". I have changed "Certificate for securing mail" to match the other one. Issue seems resolved, will need to do some more testing however to be sure.
 
You must log in or register to reply here.

Similar threads

M
Resolved Help request: SSL certificate seems to have trust issues. How to resolve?
Replies
4
Views
687
MHC_1
M
C
Question Strange SNI (?) issue related to IPv6 (?)
Replies
2
Views
668
Carbon Dioxide
C
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
724
tessa67
T
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
1K
deepnpisgah
D
T
Issue Some sites don't send email when Let's Encrypt ssl certificate will expire
Replies
1
Views
506
tanasis
T
Back
Top