• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

SSL Certificate on mail services

S

Serge Storme

New Pleskian
Hi Everyone,

First, sorry for my bad English, i'm French !

I have an OVH VPS on which Plesk 12.5 is installed (the host is Centos 6).
I don't have changed anything in the plesk or service configuration.
All is working fine, except one thing ^^
I would like to setup SSL certificate on mail services (pop3, imap and smtp)
I have the default courier-imap service and the default postfix.
To do that, i followed this tutorial : http://wpguru.co.uk/2014/12/plesk-mail-ssl/

So, i have the good certificate (signed by Gandi SAS) in these files :
/etc/postfix/postfix_default.pem
/usr/share/imapd.pem
/usr/share/pop3d.pem

I correctly restart the service (i even reboot the server to be sure) but it still don't work.
I also check in /etc/courier-imap/pop3d-ssl and imapd-ssl that the TLS_CERTFILE was correct.
With http://www.checktls.com i can see that the certificate which is used is the self signed one.
You can test with [email protected] if you want.

So, what i miss ?
I tried to go a grep with the beginning of the certificate, bu there is a lot of results, and i'm not an expert at all...

Thanks a lot for your help,
Cheers,
Serge
 
Hi Serge Storme,

Code: 
...
[002.073]       
Certificate 1 of 2 in chain:
subject= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
issuer= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]                                                                                                                                                                                           
[002.091]       
Certificate 2 of 2 in chain:
subject= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
issuer= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]                                                                                                                                                                                             
[002.091]        Cert NOT VALIDATED: self signed certificate
[002.091]        So email is encrypted but the domain is not verified
[002.091]        Cert Hostname DOES NOT VERIFY (mail.terroirsdepicardie.com != vps221224.ovh.net)
[002.091]        So email is encrypted but the host is not verified
...

Code: 
Transcript: Connecting to 51.255.40.124

Transcript:

Transcript: 220 vps221224.ovh.net ESMTP Postfix [859 ms]

Transcript: EHLO PWS3.mxtoolbox.com

Transcript: 250-vps221224.ovh.net
...
As already stated above "mail.terroirsdepicardie.com" does not match your hostname "vps221224.ovh.net" and a reverse check of "51.255.40.124" points to "124.ip-51-255-40.eu"


SPF - entry:
Code: 
"v=spf1 +a +mx -all"

You don't include your hostname in your SPF - entry and miss as well your IPv4. It would be a good idea to use:

"v=spf1 +a +mx +a:vps221224.ovh.net +ip4:51.255.40.124 ?all"


If you experience issues, please consider to include as well configuration files and errors from your mail.log, to solve your issue or to help you with investigations.
Serge Storme said:
I have the default courier-imap service and the default postfix.
Click to expand...
... is simply not enough to investigate any possible errors or issues.

 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
2K
Polli
Polli
C
Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)
Replies
4
Views
1K
Chucky_213123
C
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
3K
mow
M
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
3K
futureweb
futureweb
Back
Top