- Plesk Onyx for Linux
- Plesk Onyx for Windows
How to secure mail server with Let's Encrypt certificate?
Note: This works only for Plesk Onyx and newer. Older versions of Plesk do not have such functionality.
The certificate secures the entire mail server and all domains on it. It is not possible to secure individual mail connections, such option is not possible in the functionality of mail servers Is there SNI support for SMTP/IMAP/POP3?
In order to secure mail server using a certificate from Let's Encrypt, follow these steps:
- Install the Let’s Encrypt extension if it is not installed.
- Go to Tools & Settings > SSL/TLS Certificates (under "Security" ).
- Click the + Let's Encrypt button.
- Make sure that the email address in the “Email address” field is correct. This email address will be used to send important notifications.
- Click Install .
- At this stage, the certificate from Let’s Encrypt has been generated and used to secure Plesk automatically.
- To secure the mail server, click the [Change] link next to “Certificate for securing mail” .
- Select the “Lets Encrypt certificate (server pool)” from the drop-down list, and click OK .
Warning: SSL certificate assigned to the Mail server and domain name in the certificate should be the same as the name of Mail server.
Note: When connecting to the mail server, make sure to use the domain name in the certificate issued during securing Plesk mail server.
Advise your customers to do the same. Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail, like this one.
For additional information refer to the Plesk Administrator Guide.
For lower Plesk versions it is required to secure mail server manually according to the article How to configure certificate for SMTP, IMAP, and POP3 over SSL?