• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved SNI Enabled but Aliased Domain not in Mail Cert?

G J Piper

G J Piper

Regular Pleskian
I have a domain (askb.org) set up for mail with Let's Encrypt enabled and it issues certificates for the website.
I added www.mail.askb.org as an alias to the domain so my clients' existing email server setups would not have to be changed to the root domain (they all use mail.askb.org).
I can secure the webmail and website and mail using the cert, but the mail cert shows that the alias isn't included in it even though the website cert shows it as an alt?
Going directly to the domain's mail settings allows me to only add the main domain's cert (which presumably should have the added mail. cert in it as an alt domain like the rest)
Confused...
Mail clients don't show the "mail.askb.org" domain so they fail verification unless the settings are changed in the clients' mail settings.

Running:
Code: 
openssl s_client -connect mail.askb.org:465
reveals that the server still only uses the main mail certificate for all domains?

If I change the main mail server certificate to be the askb.org lets encrypt cert then it works, but it looks like individual domains on the server do not override that setting with their own Let's Encrypt cert.

Screen-Shot-2019-10-02-at-11.49.38-PM.jpg Screen-Shot-2019-10-02-at-10.37.45-PM.jpg
 
Last edited:
Upon further testing this seems to be working now. Not sure why remote queries show the main server cert instead of the sni ones, but actual mail clients seem to see the correct ones.
 
Hello GJ Piper

I don't see the same parameters than you in the email domain preferences...
How did you get this ?
I only have SSL/TLS certificate for webmail

Pretty upseted by Plesk on this point for many years now...
I was told that Obsidian will solve this problem and nothing changed


[EDIT]: my mistake !
Everything is OK.
Just have to migrate all customers emails to Obsidian now...
 
Last edited:
MARS_NETWORKS said:
Pretty upseted by Plesk on this point for many years now...
I was told that Obsidian will solve this problem and nothing changed
Click to expand...
But they changed it in Obsidian?! That fact you are seeing his screenshot doesn't convince you?

If you don't see same options like GJ Piper then some option may be disabled at your installation. Especially if you run upgrade from Onyx instead of clean install. Check their documents. I can't find link anymore but i saw some settings need to be enabled manually if you are upgrading from Onyx. Better yet ask their support directly.
 
As I know only postfix and dovecot support SNI. So SNI will not be available for you in case if you're using courier-imap or qmail.
 
You must log in or register to reply here.

Similar threads

L
Issue Plesk Mail Only SSL Still Not Functioning Properly
Replies
2
Views
261
alvarezcruz
alvarezcruz
C
Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)
Replies
4
Views
681
Chucky_213123
C
L
Issue When Mail Domain SSL Renews The Cert Reverts To domain.tld
Replies
5
Views
2K
Ladylinux
L
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
G J Piper
Resolved SSL It! Let's Encrypt Not Issuing Certificate on MX-only Domain
Replies
8
Views
617
G J Piper
G J Piper
Back
Top