Plesk encrypting multiple domains including corresponding mail servers

Hi
Love Let’s Encrypt, though it doesn’t encrypt the domains independently. Only www.* and web.*
But would love the mail.* variants to be encrypted by the same domain certificate. Is that possible?

Ciao Val

the sky is the limit…
Well actually 100 domains per cert is the limit.
So, I don’t see why you can’t add more names to your cert.
Or more certs if they run on separate servers/IPs.

So, to answer your question: YES
It is very possible to use an LE cert for encrypting web traffic and even actual mail traffic - and all from the same cert.

Great, but strange that the Plesk plugin encrypting extension does it correctly for multiple domains, webmail and www, but doesn’t do wildcard or SAN. What would help at least is a SAN wildcard cert in order to secure my hosted domains for some little clients… Normally a corp. cert. would cost me about 600 euro per 2 years… and a bit hefty for semi-pro host setups…

Wildcard certs are coming to LE in January 2018.
Until then, you can get up to 100 FQDNs per cert and about 20 certs per week per domain.
So unless you need more than about 180 certs per any single domain, you shouldn’t hit any limit.
And you should be able to get all the individual certs that you need from LE - all for free.

Unless I missed something… like:
Are you having trouble getting an LE cert?
And/Or are you having any trouble using an LE cert?

It’s weird that Plesk offers to do the webmail subdomain, but not the mail subdomain.

https://docs.plesk.com/en-US/onyx/administrator-guide/website-management/websites-and-domains/advanced-website-security/securing-connections-with-ssltls-certificates/getting-free-ssltls-certificate-from-lets-encrypt.77233/

You might want to file a feature request with them suggesting they add this functionality.

As a workaround, you might be able to add your mail subdomain as a domain alias and then the Plesk control panel will allow you to add it to a certificate.

EDIT: actually you can add a Let’s Encrypt certificate for the mail server too, it’s just the process is different:

https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/securing-plesk-and-the-mail-server-with-ssltls-certificates.59466/#o78763


Hi Patches,

It looks logical, but I got weird results by encrypting the email server with "Lets Encrypt certificate (serverpool)".
As I assumed, it picks the corresponding cert. matching with the matching domain (mail) servers and domains?
Now I just choose one, but it sends a message to other mail.domains.com that the cert is not valid…
So: domain hosted > ssl cert > mail server should match dynamically when requested…
Or do I see this incorrectly?

Regards Valentijn

Kind regards,
Valentijn Langendorff


Also: Plesk Let’s Encrypt: “Include a “www” subdomain for the domain* and each selected alias*”

So might try setting up a web alias bla.domain.com while bla.domain.com is the mailserver??
This fixes the DNS issues?? So Let’s Encrypt takes mail.domain.com included?

Might be worth the try…

Ciao

Kind regards,
Valentijn Langendorff


Perhaps the mail server software Plesk uses doesn’t support SNI, or more likely the Plesk control panel just doesn’t let you configure multiple certificates for multiple domains with the mail server.

Does that [ + Let’s Encrypt ] button automatically detect domain names, or does it allow you to enter them? If it allows you to enter them, you should be able to create a certificate encompassing all of your mail subdomains so they all work with the same certificate.

If it doesn’t, you’re back to asking Plesk to add this functionality or tricking it into letting you create a certificate by adding a mail.yourdomain.com domain alias, if it even allows that.

Thanx, just posted this on Plesk:

Hi
Got this same issue. mail.mydomain.com is not secured but www and webmail is… When creating a Let’s Encrypt cert it only creates two DNS names in the cert. So all is depending on one main server cert. Which causes a conflict on a VPS with multiple domains and a single IP…

Go to the Home > Tools & Settings > SSL/TLS Certificates > Let’s Encrypt
Put hostname.com into the Domain name field and press Renew.
Q: this is for a server name running Plesk and other domains, right??

Go to Tools & Settings > SSL/TLS Certificates . Click Change near the Certificate for securing mail field and select Lets Encrypt certificate (server pool) and click OK.
Q: this will use separate certificates for the domains which use their own cert?

Problem: Let’s Encrypt only creates/uses DNS naming www and webmail and not others like mail.mydomain.com. So the problem stays the same: it will use the main server and fires a warning in a mail application, cert domain mismatch…

Q: will this be resolved when letsencrypt uses wildcards? Or do I need expensive SAN multi domain certs?? (one ip, multiple domains)

  1. Manually set server’s hostname during mailbox creation instead of domain’s name.

Q: confused here plesk settings host or domain host settings?? Totally lost here…

What that article is saying is that Plesk flat out doesn’t support issuing certificates correctly for mail.yourdomain.com, so you should just use yourdomain.com in the MX records and with mail clients to avoid certificate errors. Unfortunate.

Probably not. Plesk would have to add support for it, and they could add support for doing a mail SAN today just as easily.

Let’s Encrypt issues certificates with up to 100 SAN domains. (And still for free!) It is just the Plesk control panel which prevents you from doing so.

This is actually referring to the settings in an e-mail client like Outlook or Thunderbird.

Thanks for the reply. So maybe invest some time to do certs on mail servers myself. Thx for the quick replies!
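
Added example (not from the thread or from Plesk): a Python check of which mail hostnames a certificate's SAN list covers, using the one-label wildcard rule that mail clients apply, plus a helper that builds the single multi-name list the replies suggest. The domains and SAN lists are constructed, and `san_matches`, `uncovered` and `plan_mail_cert` are hypothetical helper names.

```python
MAX_NAMES_PER_CERT = 100  # Let's Encrypt per-certificate limit quoted in the thread


def san_matches(pattern: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host (case-insensitive).

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: *.clienta.example covers mail.clienta.example but not
    clienta.example and not a.mail.clienta.example.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(san_names, required_hosts):
    """Hosts that would trigger a name-mismatch warning with this certificate."""
    return [h for h in required_hosts
            if not any(san_matches(s, h) for s in san_names)]


def plan_mail_cert(domains, prefixes=("mail",)):
    """Name list for one certificate covering <prefix>.<domain> for every domain."""
    names = sorted({f"{p}.{d}" for d in domains for p in prefixes})
    if len(names) > MAX_NAMES_PER_CERT:
        raise ValueError(f"{len(names)} names exceed the {MAX_NAMES_PER_CERT}-name limit")
    return names


# Constructed data: two hosted domains on one IP, clients connect to mail.<domain>.
HOSTED = ["clienta.example", "clientb.example"]
MAIL_HOSTS = [f"mail.{d}" for d in HOSTED]
# Constructed SAN list in the shape the thread describes (www and webmail only).
PANEL_CERT = ["clienta.example", "www.clienta.example", "webmail.clienta.example"]
WILDCARD_CERT = ["*.clienta.example"]

if __name__ == "__main__":
    print("panel cert misses:   ", uncovered(PANEL_CERT, MAIL_HOSTS))
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, MAIL_HOSTS))
    print("combined cert misses:", uncovered(plan_mail_cert(HOSTED), MAIL_HOSTS))
```

A wildcard for one domain still leaves the other hosted domains' mail names uncovered, so on a single mail server without per-domain certificate selection the certificate has to list every mail hostname clients use.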
