Resolved Webmail SSL not working

[mathi_reg]

Hey guys,

I tried a bunch of different versions now but somehow I can't figure this out.

I'm running Plesk Onyx for Linux successfully on a domain www.something.fm and from there I'm also running additional subdomains like project.something.fm with Let's-Encrypt certificates. All works well, except for one thing: the webmail.something.fm is not secure and always throws an error in the browser. "Your connection is not private"

The something.fm is managed with Cloudflare with the following settings:

Even though I renewed the SSL certificate and set it in in the Domain Settings as well as in the general SSL settings. The certificate for something.fm is used for webmail.

Any idea what I'm doing wrong as it's still not showing as secure?

Thanks,
Matt

 

[mathi_reg]

Any ideas here, someone?

 

[Ales]

Your webmail is using a Let's Encrypt certificate that was valid from March 21, 2019 to June 19, 2019. The certificate was valid for the domain, www and webmail but has now expired.

Two things to check, under the subscription in question:

1) under the "SSL/TLS Certificates" icon, is there more than one Let's Encrypt certificate, more than just the latest one? Did you perhaps rename it in the past?

2) under the "Mail Settings" icon, there is a dropdown for "SSL/TLS certificate for webmail", is the latest one chosen?

The latest certificate should be named "Lets Encrypt svr.fm". The name is important, this is the one that Plesk will auto renew and the name will stay the same for each new certificate.

 

[mathi_reg]

Hey @Ales

thanks for getting back to me. Yeah, I checked that actually. I only have one "Lets Encrypt svr.fm" certificate in my entire list and I also already tried several times to renew it.

See

All other certificates in the list are for subdomains of the main domain svr.fm

And this is the mail-settings tab:

I checked again, I have no other certificate for the pure "svr.fm" domain.

 

[mathi_reg]

Any ideas @Ales ?

 

[Ales]

I can’t troubleshoot, the domain doesn't resolve at the moment (I've tried from several countries and continents, it is down...).

I'd start with checking if the "Lets Encrypt srv.fm" certificate as now seen in Plesk is indeed a valid new one (expiry, domain validity for all three, the domain, www and webmail), to confirm that it is just the webmail that has somehow stuck with the old expired version of it.

Then I'd try to temporarily change the webmail certificate to another one (and access webmail at this point, to check if the cert was indeed changed) and than change it back to a correct cert, so that the webmail config file gets regenerated.

There are more things to explore and try, but these might be the simplest to get this sorted ASAP.

As to the cause of this... I really can't say. Perhaps your DNS setup or the domain redirect has triggered a bug. If this is indeed so, it would be worthwhile to troubleshoot a bit more and then report it to Plesk as such, so that it gets fixed.

 

[mathi_reg]

Hey @Ales
it seems also if I apply a different Let's Encrypt for any other project the setting for the cert is never changing, as if the service doesn't get updated or anything.
No matter which one I apply, if I check in the browser it always shows me the old cert that is outdated.

 

[Ales]

I suggest checking the '/etc/httpd/conf/plesk.conf.d/webmails/srv.fm_webmail.conf' (contents, time stamp, etc.) first. There should be a .bak file in that directory too, for comparison, and webmail configuration files of other domains if you have any.

Then regenerate the configuration files using the Plesk Repair Utility: Web:

plesk repair web

 

[mathi_reg]

YES! thanks, this did the job.