plesk / letsencrypt-plesk

Let’s Encrypt extension for Plesk gives all Plesk users the power to get a free Let’s Encrypt certificate with just a couple of clicks.
https://www.plesk.com/extensions/letsencrypt/

Let's Encrypt certificates don't work on mail in multiple domain servers #190

Open GeekTale opened 6 years ago

GeekTale commented 6 years ago

Hi.

I have a cloud server hosting multiple webpages, with a domain for each. I try to create Let's Encrypt certificates for each domain, but this certificate doesn't work with the SMTP, POP3 or IMAP connections. All my clients work with Outlook or Thunderbird, and this software throws errors about the certificates. Is it possible to create a mail server certificate with all the domain names?

Thanks in advance.

acuntex commented 6 years ago

The issue goes further: If you enter an email address in a client (like Thunderbird or on iOS), the client assumes that the IMAP server is imap.domain.tld and the SMTP server is smtp.domain.tld.

If you use the Let's Encrypt certificate for domain.tld, users always get errors that the certificate is not ok because it's a different domain.

Since mail servers can only have one certificate, you're basically stuck with this, since the Plesk addon does not yet allow aliases or wildcards (or the UI is not clear enough and I have no idea how to do it).

Anyway: How do other users do it? I'm always telling the users to use "domain.tld" but in 9/10 cases, they just f* up and use the standard mail client settings.
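The name check that mail clients apply to the server certificate, as an added example that is not part of the original thread or of the Plesk extension: it lists which client-side hostnames a certificate with a given set of SANs fails to cover. The `.example` hostnames are constructed, the function names are hypothetical, the matching is a simplified form of RFC 6125, and `fetch_imaps_sans` assumes an implicit-TLS IMAP listener on port 993.

```python
import socket
import ssl

def name_matches(pattern, hostname):
    """Simplified RFC 6125 match: '*' counts only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered_names(san_dns_names, client_hostnames):
    """Hostnames a mail client would reject for a certificate with these SANs."""
    return [h for h in client_hostnames
            if not any(name_matches(p, h) for p in san_dns_names)]

def fetch_imaps_sans(host, port=993, timeout=5.0):
    """Live variant: dNSName SANs of the certificate an IMAPS listener presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False    # chain is still verified; names are compared above
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

# Constructed sample: names that clients of two hosted domains typically try.
CLIENT_NAMES = ["customer-a.example", "imap.customer-a.example",
                "smtp.customer-a.example", "imap.customer-b.example"]

if __name__ == "__main__":
    for sans in (["customer-a.example"],                    # single-domain certificate
                 ["*.customer-a.example"],                  # wildcard only
                 ["customer-a.example", "*.customer-a.example",
                  "customer-b.example", "*.customer-b.example"]):  # multi-domain
        print(sans, "->", uncovered_names(sans, CLIENT_NAMES) or "all covered")
```

Passing the output of `fetch_imaps_sans("your.mail.host")` as the first argument of `uncovered_names` runs the same comparison against a live server.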

digitall-it commented 6 years ago

Also, the Plesk instructions to configure the email client do not suggest using the secured address as the server, but the domain. This leads to being unable to just point customers straight to the documentation for client configuration.

marcomarsala commented 6 years ago

@digitall-it I reported that and they fixed the docs here: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/securing-plesk-and-the-mail-server-with-ssltls-certificates.59466/

"Note: If you secure the Plesk mail server with an SSL/TLS certificate, make sure to use the domain name for which the certificate was issued when connecting to the mail server, and advise your customers to do the same. Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail."

A solution would be if only Plesk could generate multi-domain Let's Encrypt certificates.

digitall-it commented 6 years ago

Thanks, Marco.

sgalam commented 6 years ago

This is not a LE issue but a Plesk TLS SNI implementation issue on SMTP/IMAP/POP services.

See this: https://support.plesk.com/hc/en-us/articles/115002974174-Is-there-SNI-support-for-SMTP-IMAP-POP3-

https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/32132116-it-would-be-nice-to-provide-mail-ssl-tls-support-w

pulsarinformatique commented 6 years ago

Hi. This problem has been here for a while. Is the conclusion that there is no solution? Thanks

cyril

digitall-it commented 6 years ago

Plesk says it is a mailserver implementation issue, not theirs. But Dovecot has SNI support. So we should Uservoice it. https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/32132116-it-would-be-nice-to-provide-mail-ssl-tls-support-w

pulsarinformatique commented 6 years ago

Hi, I added my comment and vote on https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/32132116-it-would-be-nice-to-provide-mail-ssl-tls-support-w

I'm surprised Plesk is waiting for this fix

pulsarinformatique commented 5 years ago

Hi. Still no news on this vital requirement? Very weird it hasn't been fixed already. Plesk is a great tool and this missing feature is completely incomprehensible. THANKS!