• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved SNI Enabled but Aliased Domain not in Mail Cert?

G J Piper

Regular Pleskian
I have a domain (askb.org) set up for mail with Let's Encrypt enabled and it issues certificates for the website.
I added www.mail.askb.org as an alias to the domain so my clients' existing email server setups would not have to be changed to the root domain (they all use mail.askb.org).
I can secure the webmail and website and mail using the cert, but the mail cert shows that the alias isn't included in it even though the website cert shows it as an alt?
Going directly to the domain's mail settings allows me to only add the main domain's cert (which presumably should have the added mail. cert in it as an alt domain like the rest)
Confused...
Mail clients don't show the "mail.askb.org" domain so they fail verification unless the settings are changed in the clients' mail settings.

Running:
Code:
openssl s_client -connect mail.askb.org:465
reveals that the server still only uses the main mail certificate for all domains?

If I change the main mail server certificate to be the askb.org lets encrypt cert then it works, but it looks like individual domains on the server do not override that setting with their own Let's Encrypt cert.

Screen-Shot-2019-10-02-at-11.49.38-PM.jpg Screen-Shot-2019-10-02-at-10.37.45-PM.jpg
 
Last edited:
Upon further testing this seems to be working now. Not sure why remote queries show the main server cert instead of the sni ones, but actual mail clients seem to see the correct ones.
 
Hello GJ Piper

I don't see the same parameters than you in the email domain preferences...
How did you get this ?
I only have SSL/TLS certificate for webmail

Pretty upseted by Plesk on this point for many years now...
I was told that Obsidian will solve this problem and nothing changed


[EDIT]: my mistake !
Everything is OK.
Just have to migrate all customers emails to Obsidian now...
 
Last edited:
Pretty upseted by Plesk on this point for many years now...
I was told that Obsidian will solve this problem and nothing changed
But they changed it in Obsidian?! That fact you are seeing his screenshot doesn't convince you?

If you don't see same options like GJ Piper then some option may be disabled at your installation. Especially if you run upgrade from Onyx instead of clean install. Check their documents. I can't find link anymore but i saw some settings need to be enabled manually if you are upgrading from Onyx. Better yet ask their support directly.
 
As I know only postfix and dovecot support SNI. So SNI will not be available for you in case if you're using courier-imap or qmail.
 
Back
Top