Wildcard certificates and webmail


My domain is hosted on a virtual server and managed via Plesk. The domain is registered with GoDaddy and I use GoDaddy’s DNS servers.

In Plesk, I selected the domain, chose the Let’s Encrypt icon and went through the motions for creating a wildcard certificate (having previously followed the instructions for allowing acme-v02 protocol) and setting up the appropriate DNS TXT entry in GoDaddy. That all worked and https on my main domain is working including www.

I was expecting, that by using a wildcard certificate, that all sub-domains would be accessible via https but webmail.mydomain isn’t working.

Any ideas why not?

Hi @swarhurst

what's your domain name? And what means

No connection? Wrong certificate? Mixed content?

Hi. The domain is creationfactor.net but https://webmail.creationfactor.net isn’t working (it redirects to http). I thought a wildcard certificate meant any subdomain of creationfactor.net would work, i.e: *.creationfactor.net. I only have a shallow understanding of DNS though(!).

https://www.creationfactor.net/ is ok, there is the certificate correct.

There is a self signed certificate, not the wildcard certificate *.creationfactor.net.

But I think: If you want to use a wildcard certificate with other subdomains, plesk may not change the configuration.

So: How can you configure the webmail - subdomain? Apache? Nginx?

Probably also Plesk, don't you think?

Oh I see what you mean - so Plesk must be internally managing the apache config files for the webmail subdomain. So, theoretically, if that apache config could be modified to use SSL it would actually be covered by the same certificate as the main domain?

As a matter of interest, how can you tell how can you tell webmail.creationfactor.net is under a self-signed certificate? Is there a DNS lookup command for that?

You can just surf to https://webmail.creationfactor.net and check out the certificate to see this.

Also, from the Plesk documentation about Let's Encrypt wildcard certificates:

A wildcard certificate is only assigned to the main domain. To apply it to subdomains, go to Hosting Settings of each subdomain and chose the new wildcard Let's Encrypt certificate in the Certificate drop-down menu.

Also not unimportant:

Wildcard certificates will not be renewed automatically.

Ahh of course, right-clicking on the "Not-secure" bit to the left of the URL (in Chrome anyway).

Right, so because Plesk doesn't expose the webmail subdomain in the list of domains I can't immediately go and select the let's encrypt wildcard certificate there.

I'm currently looking at https://support.plesk.com/hc/en-us/articles/213951265-How-to-redirect-webmail-from-HTTP-to-HTTPS-on-a-Linux-server#For%20Plesk:%20Horde%20webmail and will try one of those suggestions (my virtual server uses Plesk 12.x)

Do you know if that's because it requires generating a new code and changing the DNS "_acme-challenge" TXT entry?

Did you do that manual? If yes, then plesk isn't able to automate that -> manual renew required

Yes, the DNS is managed via GoDaddy so not connected to Plesk on my virtual server

@JuergenAuer, @Osiris thanks for your help guys.

I ended up following this workaround:

And also put Apache redirects in place from http to https/

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.