• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved SNI Enabled but Aliased Domain not in Mail Cert?

G J Piper

G J Piper

Regular Pleskian
I have a domain (askb.org) set up for mail with Let's Encrypt enabled and it issues certificates for the website.
I added www.mail.askb.org as an alias to the domain so my clients' existing email server setups would not have to be changed to the root domain (they all use mail.askb.org).
I can secure the webmail and website and mail using the cert, but the mail cert shows that the alias isn't included in it even though the website cert shows it as an alt?
Going directly to the domain's mail settings allows me to only add the main domain's cert (which presumably should have the added mail. cert in it as an alt domain like the rest)
Confused...
Mail clients don't show the "mail.askb.org" domain so they fail verification unless the settings are changed in the clients' mail settings.

Running:
Code: 
openssl s_client -connect mail.askb.org:465
reveals that the server still only uses the main mail certificate for all domains?

If I change the main mail server certificate to be the askb.org lets encrypt cert then it works, but it looks like individual domains on the server do not override that setting with their own Let's Encrypt cert.

Screen-Shot-2019-10-02-at-11.49.38-PM.jpg Screen-Shot-2019-10-02-at-10.37.45-PM.jpg
 
Last edited:
Upon further testing this seems to be working now. Not sure why remote queries show the main server cert instead of the sni ones, but actual mail clients seem to see the correct ones.
 
Hello GJ Piper

I don't see the same parameters than you in the email domain preferences...
How did you get this ?
I only have SSL/TLS certificate for webmail

Pretty upseted by Plesk on this point for many years now...
I was told that Obsidian will solve this problem and nothing changed


[EDIT]: my mistake !
Everything is OK.
Just have to migrate all customers emails to Obsidian now...
 
Last edited:
MARS_NETWORKS said:
Pretty upseted by Plesk on this point for many years now...
I was told that Obsidian will solve this problem and nothing changed
Click to expand...
But they changed it in Obsidian?! That fact you are seeing his screenshot doesn't convince you?

If you don't see same options like GJ Piper then some option may be disabled at your installation. Especially if you run upgrade from Onyx instead of clean install. Check their documents. I can't find link anymore but i saw some settings need to be enabled manually if you are upgrading from Onyx. Better yet ask their support directly.
 
As I know only postfix and dovecot support SNI. So SNI will not be available for you in case if you're using courier-imap or qmail.
 
You must log in or register to reply here.

Similar threads

R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
908
tessa67
T
S
Question Trying to enable "Keep Websites Secured" via API
Replies
2
Views
419
simonrp
S
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
1K
futureweb
futureweb
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
770
mow
M
J
Resolved WordPress Network setup on Alias -- how to add alternative domains with Lets Encrypt SSL Certs?
Replies
3
Views
2K
joell
J
Back
Top