
SSL Certificate on mail services

Serge Storme

New Pleskian
Hi Everyone,

First, sorry for my bad English, I'm French!

I have an OVH VPS on which Plesk 12.5 is installed (the host is CentOS 6).
I haven't changed anything in the Plesk or service configuration.
All is working fine, except one thing ^^
I would like to set up an SSL certificate on the mail services (pop3, imap and smtp).
I have the default courier-imap service and the default postfix.
To do that, I followed this tutorial: http://wpguru.co.uk/2014/12/plesk-mail-ssl/

So, I have the good certificate (signed by Gandi SAS) in these files:
/etc/postfix/postfix_default.pem
/usr/share/imapd.pem
/usr/share/pop3d.pem

I correctly restarted the services (I even rebooted the server to be sure) but it still doesn't work.
I also checked in /etc/courier-imap/pop3d-ssl and imapd-ssl that the TLS_CERTFILE was correct.
With http://www.checktls.com I can see that the certificate which is used is the self-signed one.
You can test with [email protected] if you want.

So, what am I missing?
I tried to do a grep with the beginning of the certificate, but there are a lot of results, and I'm not an expert at all...

Thanks a lot for your help,
Cheers,
Serge
 
Hi Serge Storme,

Code:
...
[002.073]       
Certificate 1 of 2 in chain:
subject= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
issuer= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]                                                                                                                                                                                           
[002.091]       
Certificate 2 of 2 in chain:
subject= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
issuer= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]                                                                                                                                                                                             
[002.091]        Cert NOT VALIDATED: self signed certificate
[002.091]        So email is encrypted but the domain is not verified
[002.091]        Cert Hostname DOES NOT VERIFY (mail.terroirsdepicardie.com != vps221224.ovh.net)
[002.091]        So email is encrypted but the host is not verified
...

Code:
Transcript: Connecting to 51.255.40.124

Transcript:

Transcript: 220 vps221224.ovh.net ESMTP Postfix [859 ms]

Transcript: EHLO PWS3.mxtoolbox.com

Transcript: 250-vps221224.ovh.net
...
As already stated above, "mail.terroirsdepicardie.com" does not match your hostname "vps221224.ovh.net", and a reverse check of "51.255.40.124" points to "124.ip-51-255-40.eu".


SPF entry:
Code:
"v=spf1 +a +mx -all"

You don't include your hostname in your SPF entry, and your IPv4 address is missing as well. It would be a good idea to use:

"v=spf1 +a +mx +a:vps221224.ovh.net +ip4:51.255.40.124 ?all"


If you experience issues, please consider including configuration files and errors from your mail.log as well, to solve your issue or to help you with investigations.
"I have the default courier-imap service and the default postfix."
... is simply not enough to investigate any possible errors or issues.
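
Added example, not part of either post: a shell check that compares the certificate a mail service actually presents with the PEM file it is supposed to load, then flags the two conditions reported in the checktls output (subject equal to issuer, and CN different from the name clients use). The function names are hypothetical, the script name in the usage line is made up, and only standard `openssl s_client` / `openssl x509` options are used.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: sh mailcert.sh HOST PORT PEM_FILE [smtp|imap|pop3]

# PEM of the leaf certificate the service presents. $3 is the STARTTLS protocol;
# leave it empty for implicit-TLS ports such as 993 and 995.
served_cert() (
    openssl s_client -connect "$1:$2" -servername "$1" ${3:+-starttls "$3"} \
        </dev/null 2>/dev/null | openssl x509 2>/dev/null
)

# SHA-256 fingerprint of the first certificate in the PEM on stdin.
fingerprint() (
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
)

# CN from an openssl "subject=" line, old "/A=b/C=d" or new "A = b, C = d" style.
cn_of() (
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^/,]*\).*|\1|p'
)

# Findings for a subject/issuer pair and the name clients connect to, one per line.
# CN-only, like the checktls lines above; subjectAltName entries are not inspected.
classify() (
    trim() { printf '%s\n' "$1" | sed 's/^ *//; s/ *$//'; }
    subj=$(trim "${1#subject=}"); iss=$(trim "${2#issuer=}")
    cn=$(cn_of "$subj" | tr 'A-Z' 'a-z')
    want=$(printf '%s\n' "$3" | tr 'A-Z' 'a-z')
    if [ "$subj" = "$iss" ]; then echo "self-signed"; fi
    if [ "$cn" != "$want" ]; then echo "hostname-mismatch: $want != $cn"; fi
)

# Compare what is served with the file the service is supposed to load.
check_service() (
    pem=$(served_cert "$1" "$2" "${4:-}")
    served=$(printf '%s\n' "$pem" | fingerprint)
    ondisk=$(fingerprint <"$3")
    if [ -z "$served" ]; then echo "ERROR: no certificate from $1:$2"; return 1; fi
    if [ "$served" = "$ondisk" ]; then
        echo "OK: $1:$2 serves the certificate in $3"
    else
        echo "MISMATCH: $1:$2 served=$served file=${ondisk:-unreadable}"
    fi
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject 2>/dev/null)
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer 2>/dev/null)
    classify "$subject" "$issuer" "$1"
)

if [ "$#" -ge 3 ]; then check_service "$@"; fi
```

Run it once per service against the files named in the first post, for example port 25 with `smtp` and `/etc/postfix/postfix_default.pem`, then the IMAP and POP3 ports with their PEM files. A MISMATCH line means the daemon is loading a different certificate than the file that was replaced.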

 