Hi guys,
First, I have to say that I’m French so I’ll do my best to write in English (but it could be a little bit weird ^^)
So, I have several websites for clients or friends.
My host provider uses Plesk to let me manage them and Let’s Encrypt is one of the plugins installed.
It’s a great solution to secure domains but ALL of my clients/friends have the same difficulties adding their email addresses to Mail (Mac)
The error message said something like “the certificate domain doesn’t look like the email domain”
And it’s true, because all the certificates generated by the Plesk plugin use the main domain of the server instead of the domain of the final website.
Does it mean the Let’s Encrypt plugin isn’t well set on Plesk? Or is it the normal process?
The first problem is for my client (never too good to can’t install easily an email address)
The second problem is for the security (most of the time, as it is considered insecure, sometimes the domain is blacklisted by the network provider)
The third problem is, even if the client whitelisted the domain and the email address works at home, if he goes to a different office or to a café with wifi, most of the time, the account can’t receive or send emails
So, do you have some good tips to tell me? Or tell me what you need in order to give me some help?
Thanks in advance!
Hi @Arcantide
your setup is unknown.
What's your main domain? What are domains with problems?
Why isn't it possible to install certificates with other domains and a mail server? Why is it required to create an own mail subdomain?
> your setup is unknown.
- What kind of information do you need?
> What’s your main domain? What are domains with problems?
- All the domains have the same issue, so that’s the reason I didn’t give one, but for example, you can check with this one: www.arcantide.com
> Why isn’t it possible to install certificates with other domains and a mail server? Why is it required to create an own mail subdomain?
- Well, as for everyone I guess, I only give the usual information when I add an email account to Mail (id, password, imap.domain.com and smtp.domaine.com)
Which is pretty strange, if I use the server domain, I don’t have the issue.
So I guess the Let’s Encrypt plugin in the Plesk admin creates a certificate for the server domain it’s installed on instead of creating a certificate for the domain I choose.
That’s why I think it’s probably a bad setting of the Let’s Encrypt plugin.
Does it make sense?
Checking that domain - https://check-your-website.server-daten.de/?q=arcantide.com
https has the correct certificate and works:

CN=arcantide.com | 23.11.2019 | 21.02.2020 | expires in 40 days | arcantide.com, arcantide.fr, webmail.arcantide.com, www.arcantide.com, www.arcantide.fr - 5 entries

All mail ports have the wrong certificate - see the connections - part:

CN=admin.serveur30.org | 20.12.2019 | 19.03.2020 | expires in 67 days | admin.serveur30.org - 1 entry

Per IP address you have only one mail port 465 / 993 / 995.
So you need one certificate with all of these domain names, but it may be impossible to create such a certificate via Plesk.
Or your customers should use
- the webmail subdomain (or)
- the domain name admin.serveur30.org

in their mail client, not their own domain.
Good observation
For evident reasons, I don’t really want to ask my clients to use the server domain name…
Do you think the wildcard certificate of Let’s Encrypt will solve this issue?
Pretty strange that Plesk can’t let us set the domains encrypted…
By the way, one more strange thing is if you check webmail.arcantide.com, you will see it is not secured.
I really don’t understand why.
How should a wildcard resolve that? Please read some basics:
and the FAQ.
As written: Create one certificate with all mail domains.
https works, there is no redirect http -> https. That's your job to configure it.
I thought wildcard certificates were supposed to secure all sub-domains (such as email domains)
I don’t find any article on that subject
But thanks for your help!
Don’t want to waste your time
That's correct. But the problem is the installation. Looks like you have only one mail server. And I don't know if your mail server supports the installation of different certificates (one per domain).
But if that is possible, a mail.maindomain.com + smtp.maindomain.com + pop3.maindomain.com is enough, so you don't need the dns validation to create a wildcard certificate.
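
Added example, not part of any post in this thread: a small offline check of which host names a mail client could use against each certificate, applying the usual TLS name-matching rule (a wildcard covers exactly one left-most label). The SAN lists are taken from the check results quoted above; `imap.arcantide.com` / `smtp.arcantide.com` and the `*.arcantide.com` certificate are assumptions used for illustration.

```python
# Added example: host name matching against certificate SAN lists.
# SAN lists copied from the check output quoted in this thread.
WEB_CERT = ["arcantide.com", "arcantide.fr", "webmail.arcantide.com",
            "www.arcantide.com", "www.arcantide.fr"]
MAIL_CERT = ["admin.serveur30.org"]      # presented on ports 465 / 993 / 995
WILDCARD_CERT = ["*.arcantide.com"]      # hypothetical wildcard certificate


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against a host name, case-insensitively."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False                     # a wildcard never spans several labels
    if p_labels[0] == "*":
        # wildcard is only honoured as the complete left-most label
        return (len(p_labels) > 2 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def cert_covers(sans, host) -> bool:
    """True if any SAN entry of the certificate matches the host name."""
    return any(name_matches(s, host) for s in sans)


def audit(sans, hosts):
    """Return {host: covered?} for each name a client might be configured with."""
    return {h: cert_covers(sans, h) for h in hosts}


if __name__ == "__main__":
    # Assumed client settings (imap./smtp. names are not confirmed by the thread).
    clients = ["imap.arcantide.com", "smtp.arcantide.com",
               "webmail.arcantide.com", "arcantide.com", "admin.serveur30.org"]
    for label, sans in [("mail ports (current)", MAIL_CERT),
                        ("web certificate", WEB_CERT),
                        ("wildcard (hypothetical)", WILDCARD_CERT)]:
        print(label, audit(sans, clients))
```

Name matching is only half of the picture: whatever certificate is issued still has to be the one the mail server presents on those ports.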
A huge thanks for your precious help!
I’m gonna check this and obviously take more time to understand the way certificates work
Regards,
Florent