• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved SSL Cert in webmail.domain

HoracioS

Regular Pleskian
Ok, this feature just implemented in Onyx 17.0.17 #2.
My question is: Can you add an option to create a free certificate from Let's Encrypt?

Best regards,
Horacio
 
@HoracioS
In Onyx that works as far as I understood:
if you have already setup a letsencrypt cert for your domain in the domains overview (click letencrypt button, add probably www.).
In E-mail settings the you are able to choose the letsencrypt cert as SSL-/TLS for encrypting your webmail access.
 
Thank you Oliver, but this is not I asked for.
The cert created from the extension is only for domain.tld and www.domain.tld , but doesn't work for webmail.domain.tld subdomain.
It is not possible to create webmail.domain.tld SSL certs from the Let's Encrypt Extension.

Regarding E-mail settings (SSL for postfix and dovecot) it only works with the default server domain. If you are hosting hundreds of domains, all must use the Plesk default domain as mailserver, they cannot use mail.domain or any other subdomain.domain as IMAP nor SMTP server with SSL.

Best regards,
Horacio
 
Hi Horacio
I understand your point. You are right currently "only" domain.tld and www.domain.tld will be generated with letsencrypt and those certs are usable per domain.
What you propose is a letsencrypt generation for domain.tkld www AND webmail as well as certs for the mta/imap each per each domain. This combined with the possibility to choose these certs from the panel per domain. Good idea.
BR oliver
 
Hi @AlL,

untill Plesk implements the function to an updated Let's Encrypt extension, you can reach your goal with the following steps:

  1. Disable webmail for the specific domain ( "Home > Subscriptions > example-domain.com > Websites & Domains > (tab ) Mail > (tab ) Mail settings" --- tick the box in front of "example-domain.com" and choose the menu - button "Webmail". At the pop-up menu, pls. choose "None" from the dropdown - list and confirm your setting with "o.k."
  2. Create a subdomain named "webmail"
  3. Issue a Let's Encrypt certificate for the newly created subdomain "webmail"
  4. Download the complete *.pem - file from "Home > Subscriptions > example-domain.com > Websites & Domains > SSL/TLS Certificates" ( green download button on the very right of each listed certificate )
  5. Delete the subdomain "webmail"
  6. Re-enable the webmail - usage for the specific domain ( "Home > Subscriptions > example-domain.com > Websites & Domains > (tab ) Mail > (tab ) Mail settings" --- tick the box in front of "example-domain.com" and choose the menu - button "Webmail". At the pop-up menu, pls. choose "YOUR-DESIRED-WEBMAIL-SOFTWARE" from the dropdown - list and confirm your setting with "o.k."
  7. Create a NEW certificate at "Home > Subscriptions > example-domain.com > Websites & Domains > SSL/TLS Certificates" and upload the previous downloaded *.pem - file, or manually add the credentials for "Private key (*.key)", "Certificate (*.crt)" and "CA certificate (*-ca.crt)".
  8. Secure webmail for the domain, choosing the newly created webmail - certificate.
9. Smile and enjoy the free Let's Encrypt certificate for the next 90 days ( which will not automatically being renewed, because this certificate is being uploaded manually and the Let's encrypt extension renew - process can't find it, because you deleted the subdomain ).

This suggestion is not perfect ( because of the missing auto-renew-process for the Let's Encrypt - certificate ), but at least you can use a free certificate for your webmail - software on each domain this way, untill Plesk implements another way for Let's Encrypt certificates and Webmail. ;)
 
Thanks UFHH01,

I have searched for a solution like this. If the certificate is expired I can repeat the same steps to create a new certificate for webmail because it is not automatically renewed?
 
Back
Top