
Resolved Updating Let's encrypt certs for mailserver

alexis1

New Pleskian
When I click the button to renew a cert, it is installed in the webserver, but the mailserver does not get a new one.
Shouldn't it be possible with the latest Plesk version?

I'm using Plesk 17.5 and Dovecot on Ubuntu 16.04 LTS.

What can I do?
 
This is not the problem.
As described, the problem is that already installed certificates are not updated when the user clicks the button to renew an already installed certificate.
 
Please set down the alcoholic beverage and attempt to resend that last reply o_O

Edit: Ok, I get it now. You updated the cert but it's not active. Sounds like an issue with the web server configuration. I would run the following:

# plesk repair web
 
No alcohol .. this happens, if you forget to set the right language on your mobile .. :D

It is not a problem of the webserver. The web server's certificate gets updated by the add-on.
Only the mail server does not get the update and keeps using its old certificate.
 
The mail server is dovecot and postfix.
The cert files are not updated - that's the problem I have .. :)
On the webserver they are updated every time I press the corresponding button in Plesk.
 
News in this issue:

After updating the plugin, the cert files are copied to the server directories now.

Strange: the servers do not use them, even though the right files are set up in the corresponding config files.

Is there something to do to make the mail servers re-read the cert files?
 
You just need to override the existing certs as they are self signed....
 
That's what I thought.
My plesk-omatic is now overriding the certs .. but the server is not re-reading the files.

Is there maybe any option, to prevent the refreshing?

I did a test to make sure that the server recognizes the files, by deleting them. Then the service writes an error message to the log, saying it can't find the specified cert file.
 
Are you sure it's the correct cert? Just restarting the service should make the new cert active. You can test it with the following:

openssl s_client -showcerts -connect mail.markmuyskens.tk:993

Be sure to update the mailserver.
 
Now, I even restarted the machine .. but the mailserver is still working with old certs.
I think the certs are the new ones, as they have the right timestamp.

I could compare them with the files located in the lets-directory. BTW: where is it when it is installed with Plesk?
In the standalone environments, they are located in /etc/lets... but on this machine, it is somewhere else...

thx
 
Update: I now found out that the wrong certificates were copied by the Plesk extension. They have a new timestamp - but inside, it's old stuff...

For testing, I copied the cert of my webserver to the dovecot directory - and voila - they have a new expiration date - but of course the wrong domain info, as they were issued for use in my webserver.

So the remaining question is: where are the lets-certs stored? This could help to fix it for a moment by manually copying the files.
Later, I will check that with the people from the plugin manufacturer ..

thx
 
Personally I have run into issues with certs not being placed in all the proper places. I still use a script I made to solve this problem.
GitHub - BoiseComputer/plesk_mailcert: Copies Plesk LetsEncrypt CERT to Mailservers and Webmin
It copies the current server SSL cert to the proper places for Postfix, Dovecot, Courier, Qmail, and Webmin (Just because I like to use that as well) and restarts those services.
You are welcome to give it a try.
 
The script does what the latest plugin also does .. unfortunately with the wrong files.
Actually I'm searching for the location where the plugin stores the certs.

If you have any hint.. :)
 
update (again) ;)

I found the letsencrypt plugin directory and also found that the certs for the mail server subdomain are not renewed. That's why only old cert files are copied by the update mechanism...

Remaining question: can someone help me with how to tell the plugin that it should also update the mail subdomain's cert?
 
Problem solved:

There are some issues with the plugin. Our problem was caused by disabling the web service of the mail server's subdomain.
Similar problems can also be caused by an improper DNS configuration of the corresponding domain, we found out.
 
How did you resolve it? I have the same problem and also probably caused by deleting a sub-domain. How did you fix it?
 
For me it was dovecot - for some reason the config was changed to now point to ssl-cert-and-key.pem instead of dovecot.pem. Weird.
 
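A check for the two failure modes reported in this thread (cert files with a fresh timestamp but old contents, and a mail service reading a different file than the one that was replaced), as an added example that is not part of the original posts or of the Plesk extension. The function names and the sample PEM data are hypothetical and constructed for illustration; it compares SHA-256 fingerprints of certificate contents instead of file timestamps.

```python
import hashlib
import re
import socket
import ssl

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed placeholders: stand-ins for real certificates, not parseable X.509.
SAMPLE_RENEWED = ssl.DER_cert_to_PEM_cert(b"constructed renewed certificate")
SAMPLE_STALE = ssl.DER_cert_to_PEM_cert(b"constructed expired certificate")

def file_fingerprints(pem_text):
    """SHA-256 of each certificate in a PEM file, in file order.
    Private-key blocks in a combined key+cert file are skipped."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in CERT_BLOCK.findall(pem_text)]

def served_fingerprint(host, port=993, timeout=10):
    """SHA-256 of the leaf certificate an implicit-TLS service presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # fetch only: no trust decision is made,
    ctx.verify_mode = ssl.CERT_NONE   # so an expired cert can still be read
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def diagnose(renewed_pem, deployed_pem, served_fp=None):
    """Compare by content, never by mtime. Assumes the leaf cert comes first."""
    renewed = file_fingerprints(renewed_pem)
    deployed = file_fingerprints(deployed_pem)
    if not renewed or not deployed:
        return "no-certificate-in-file"
    if deployed[0] != renewed[0]:
        return "stale-file"                # new timestamp, old contents
    if served_fp is not None and served_fp != deployed[0]:
        return "service-reads-other-file"  # config points elsewhere, or no reload
    return "ok"

if __name__ == "__main__":
    print(diagnose(SAMPLE_RENEWED, SAMPLE_STALE))
```

`served_fingerprint` covers implicit-TLS ports such as the 993 used in the `openssl s_client` command above; it does not speak STARTTLS.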