
Resolved the SSL certificate for mailman

tkalfaoglu

Server operating system version: Alma Linux
Plesk version and microupdate number: Obsidian
Hi.. assume domain.com is our default domain for the server. I generated some certificates for it with Let's Encrypt, and eventually created a wildcard certificate and *.domain.com is using it.
When I try to log on to https://lists.domain.com it gives a warning -- saying that the certificate is only for panel.domain.com and not for lists.domain.com - although as I mentioned, the domain.com is using a wildcard certificate right now..

I tried various things, including setting that certificate as default in the IP Addresses setting, and even creating a
/usr/local/psa/admin/conf/templates/custom/server/mailman.php file to specify a specific certificate:

SSLEngine on
SSLVerifyClient none
SSLCertificateFile "/usr/local/psa/var/certificates/scfoHoWU1"

... but this is ignored, even after PLESK REPAIR WEB domain.com .. When visiting https://lists.domain.com I still get a warning that the certificate is only for panel.domain.com

So, how can I fix the mailman https problem?
 
PS: The above SSLCertificateFile "/usr/local/psa/var/certificates/scfoHoWU1" is the wildcard certificate that Let's Encrypt created for *.domain.com -- I found it by grepping among the certificates in that directory
 
Btw, the custom template file seems to be ignored.
Also, trying to pick a certificate from the pull down list gives "there are 109 more items" blurb after a few items listed. So I cannot pick the correct certificate there.
 
The "there are 109 more items" problem happens in the:

Secure Mail Server

Select a certificate for securing the mail server.

Select Certificate *

blurb.. it won't let me pick the wildcard certificate..
 
SOLVED the last item - picking the correct certificate for SECURE MAIL SERVER prompt. Apparently you can just write -- don't need the pull down list. I wrote and picked the correct wildcard cert.. but still the mailman problem continues.. bad certificate..
 
Yes, it seems that Apache/Nginx ignore the wildcard certificate for *.domain.com in case domain.com is part of a subscription and when I try to access lists.domain.com.
@IgorG any workaround here?
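
An added example, not part of the thread and not Plesk code: a small check that separates "the wildcard certificate does not cover lists.domain.com" from "the web server is presenting a different certificate for that name", which is the situation the posts above describe. It assumes the two SAN dumps were obtained with `openssl x509 -noout -ext subjectAltName` (one from the certificate presented for lists.domain.com, one from the wildcard file); the sample dumps and all function names are constructed for illustration.

```python
import re

# Constructed samples of `openssl x509 -noout -ext subjectAltName` output,
# modelled on the thread: the certificate the browser was shown, and the
# wildcard certificate the poster expected to be used.
SERVED_SAN = "X509v3 Subject Alternative Name: \n    DNS:panel.domain.com\n"
WILDCARD_SAN = "X509v3 Subject Alternative Name: \n    DNS:*.domain.com, DNS:domain.com\n"


def parse_dns_sans(openssl_text):
    """Return the DNS entries listed in a subjectAltName text dump."""
    return re.findall(r"DNS:([^,\s]+)", openssl_text)


def san_matches(hostname, pattern):
    """Match a hostname against one SAN entry the way browsers do:
    '*' is only honoured as the entire left-most label and stands for
    exactly one label, so *.domain.com covers lists.domain.com but not
    domain.com or a.lists.domain.com."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        return host[1:] == pat[1:]
    return host == pat


def covers(hostname, openssl_text):
    """True if any DNS SAN in the dump is valid for hostname."""
    return any(san_matches(hostname, n) for n in parse_dns_sans(openssl_text))


def diagnose(hostname, served_text, expected_text):
    """Separate 'wrong certificate issued' from 'wrong certificate served'."""
    if covers(hostname, served_text):
        return "ok"
    if covers(hostname, expected_text):
        return "expected certificate is valid for host but is not being served"
    return "expected certificate does not cover host either"


if __name__ == "__main__":
    print(diagnose("lists.domain.com", SERVED_SAN, WILDCARD_SAN))
```

With the thread's names the result is the second case: the wildcard is valid for lists.domain.com, so the fault lies in which certificate the lists virtual host is configured to present.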
 