Certify Mail Server with Let's Encrypt Certificate


#1

Currently we are running several domains on our VPS. At this moment we want to certify our mail server (mail.dutchinnovisiongroup.com) with Let’s Encrypt. We have already successfully installed an SSL Domain Certificate for our domain (dutchinnovisiongroup.com) and an SSL Server Certificate for the Plesk server.

To secure our mail server, we should click the [Change] link next to “Certificate for securing mail”, select “Lets Encrypt certificate (server pool)” from the drop-down list, and click OK. But for some reason this option does not seem to be available. And in the list of Server Certificates only the default certificate is visible. What am I overlooking?

And if I want to SSL secure the mail servers of all the different domains we are running on our VPS, do I need to use the SSL Certificate of that particular domain or can I use the Server SSL Certificate?

Any help is and all suggestions are more than welcome.

Thanks,
John


#2

Postfix (which Plesk uses for its mail service) does not support SNI (many certificates on a single service). So you would realistically only be able to protect the server service domains, not customer domains.

First, you’ll want to secure your mail server with a Let’s Encrypt certificate for vps.dutchconnex.com.

Following https://support.plesk.com/hc/en-us/articles/115000179934-How-to-secure-mail-server-with-Let-s-Encrypt-certificate (which I suppose you’ve already read), you’ll want to add Let’s Encrypt certificate for vps.dutchconnex.com into the server pool.

Then, change each domain’s MX records to the server’s hostname (vps.dutchconnex.com), rather than e.g. mail.dutchinnovisiongroup.com.


#3

Thanks for your reply…

Currently I have successfully secured vps.dutchconnex.com.

And I have installed an SSL Certificate for the domain dutchinnovisiongroup.com.
Still the browser connection is not secured. Same for the mail client Outlook.
In both situations the Certificate seems correct.

I will further test with MX record vps.dutchconnex.com

Thanks.
John


#4

You won’t be able to use e.g. mail.dutchinnovisiongroup.com in Outlook.

You will need to use vps.dutchconnex.com for both your MX record and your mail client settings.

The only ways this can change in the future are:

  • If Postfix implements SNI (very unlikely)
  • If Plesk replaces Postfix with Exim or another solution (unlikely in the near term)
  • If you move from Plesk to cPanel, which does support what you want (because it uses Exim)
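
A way to check the point made in the replies above, added here as an example and not part of the original posts: compare the DNS names in the certificate the mail server presents with the hostnames configured in MX records and mail clients. The helper names and the sample settings are assumptions constructed from the hostnames in the thread; `fetch_sans` needs network access and is not called by the offline sample.

```python
import smtplib
import ssl

def name_matches(pattern, host):
    """Exact match, or one wildcard as the whole left-most label (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert_sans, configured):
    """Return {setting: host} for each configured name the certificate does not cover."""
    return {k: v for k, v in configured.items()
            if not any(name_matches(s, v) for s in cert_sans)}

def fetch_sans(host, port=25, timeout=10):
    """Live lookup (needs network): DNS names in the certificate served after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by uncovered()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed sample data using the hostnames from the thread.
CERT_SANS = ["vps.dutchconnex.com"]
BEFORE = {"MX dutchinnovisiongroup.com": "mail.dutchinnovisiongroup.com",
          "Outlook incoming/outgoing server": "mail.dutchinnovisiongroup.com"}
AFTER = {k: "vps.dutchconnex.com" for k in BEFORE}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, uncovered(CERT_SANS, cfg) or "all names covered")
```

To run it against a live server, pass the result of `fetch_sans("<your mail host>")` as `cert_sans` instead of the constructed list.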

#5

I have a similar problem. I have the domain example.com on the first server. In the DNS zone of this domain I added an A record -> s1, which maps to the IP address of the second server. The second server’s name is s1.example.com and it runs Postfix/Dovecot. I have installed a Let’s Encrypt cert for s1.example.com, and it works perfectly. I also secured it by adding the certs generated by Let’s Encrypt to the Postfix main.cf file. On s1.example.com I have a few other domains/websites. I would like to configure s1.example.com as the mail server for them. What are my problems? Here they are:
I have created do_not_reply@s1.example.com on the s1.example.com server. I can only send emails but cannot receive them. I suppose that I should modify/add something in the DNS zone of the example.com domain on the first server, because on the s1.example.com server I don’t have a DNS zone for the s1.example.com (sub)domain. Maybe I should add a DNS zone for it? If needed, I can post the DNS zone of the example.com domain here.


#6

Everything is working fine now! Thanks for your help…

