• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Steps to have SSL under mail server?

SalvadorS

Regular Pleskian
Hello everybody,

I have a client who needs to have SSL under mail (mail.domain.ext)

The client is under a server and in this server there is only one domain, the domain of my client.

So I want to know if this steps are correct:

1.- Buy a wildcard certificate *.domain.ext
2.- Install the SSL certificate in the domain of the client.
3.- Use this certificate to secure the mail under tool and settings -> SSL/TLS certificates -> Cert to protect the mail

Are these steps correct?

Thank you for helping!
 
Hi Salvador

This might not be as simple as it seems - does your base server hostname also use the domain of your client?

Rob
 
Hi,

Thanks for answering.

I have to Create the server so I can call it server.clientdomain.ext if it is necessary

It is?

Regards!
 
If the entire server is providing email services for just the one client it will make it much easier to setup if the server hostname uses the same domain name as the client.

For our shared hosting servers we purchased a multi-domain certificate that secures both 'serverhostname.ourcompanyname.com' and 'mail.ourcompanyname.com' and added that as the default / main SSL certificate for the whole server, alternatively you could purchase a wildcard *.ourcompanyname.com which will also allow you to secure websites on the same domain.

In Plesk -> Tools & Settings -> Security -> SSL/TLS Certificates there is an option to set 'Certificate for securing mail' where you can choose which certificate Plesk will serve for POP3 / IMAP etc.

Would have a look the following page as well:

Securing Plesk and the Mail Server With SSL/TLS Certificates
 
In this case you will need to use a multidomain (SAN) certificate that contains all the (domain)names you're using.

The only way to circumvent that, would be to use a second/dedicated IP address and manually configure plesk panel, postfix/exim, and dovecot/cyrus in order to use different certificates (could also be LetsEncrypt) for the different IPs.
 
I have one server, only one domain and only one IP. And will be only one server, one IP and one domain. So, the steps I wrote in the first comment are correct? Do I have to name the server with the name of the domain also or it is not necessary?

Thanks
 
It is not necessary but it may make it simpler for you config wise, if that is the sole purpose of the server why complicate matters?

If you assume the clients domain name is 'example.com' and your server IP is 0.0.0.0:

Server IP: 0.0.0.0
Server hostname: mail.example.com
TLS/SSL certificate hostname: mail.example.com

The single certificate would secure both the server itself (i.e. Plesk) and provide the verifiable encrypted mail connection that you require.

You would then create a DNS A record for 'mail.example.com' to point to 0.0.0.0 and set the MX record for example.com to 'mail.example.com'.

As ChristophRo stated you could use a different hostname for the server but in that case you would need a multi-domain cert which would incur additional cost.

Rob
 
Back
Top