Facebook
Twitter
Checking this box will add valid SSL/TLS certificates to your mail services (SMTP, POP3/IMAP). You should enable that if you use mail services on your Plesk server.
See also: Securing Plesk and the Mail Server With SSL/TLS Certificates
See also: Securing Plesk and the Mail Server With SSL/TLS Certificates
Still don't get it to be honest.
This is the text from the popup:
"Automatically replaces expired or self-signed SSL/TLS certificates with free valid certificates from Let's Encrypt. Covers each domain, subdomain, domain alias, and webmail belonging to the subscription."
So, if the domain, webmail and mail is secured with a Let's Encrypt certificate, this option isn't needed? Let's Encrypt certificates are renewed automatically after 3 months, right?
This is the text from the popup:
"Automatically replaces expired or self-signed SSL/TLS certificates with free valid certificates from Let's Encrypt. Covers each domain, subdomain, domain alias, and webmail belonging to the subscription."
So, if the domain, webmail and mail is secured with a Let's Encrypt certificate, this option isn't needed? Let's Encrypt certificates are renewed automatically after 3 months, right?
LE certificates are renewed every month if I am not mistaken (they expire after 3 months). You can disable or enable whether or not you want the LE certificate to include mail services (SMTP, POP3/IMAP) for a domain. If not enabled, the LE certificate will still be renewed, but won't include the mail services.
It is still an important setting. For example when you have included an alias domain in your initial Let's Encrypt certificate and delete that alias while the certificate is still valid, the same certificate will normally not be renewed upon next renewal data, because the alias cannot be verified by the trust center. With the "Keep websites secured" option, this issue does not occur, because when checked, the extension automatically removes the alias from the cert and issues a new cert for the remaining domains. This also applies for an alias situation with email addresses. It is always best to set the settings to "on".
True, but my main concern is: do we have to update our helpdesk pages and tell our customers to activate the "Keep websites secured: Secure mail" option even when their Mail access (IMAP, POP, SMTP) is alread secured with a LE certificate and gets renewed every 3 months?
Not necessarily, but if a customer applies a change to a domain that is included in the certificate that blocks the ability of Let's Encrypt to verify the domain on its next renewal, renewal will fail, if the checkbox is not checked. If the customer does not make such changes, things will be alright.
Similar threads
