How to get the DKIM public key from Plesk if DNS is not installed?

Comments

39 comments

  • Pascal Saul

    Is it possible to show the public key in the control panel under "Mail Settings", please? We're not all admins ;)

    Your example is not complete and should be:

    default._domainkey.example.com IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+aOU9Dw2Qedi6qOEcpbGQ3pHVI8SonKGNSBBgiImChx6k6I7s1UqeCzaHpKXKLIY4GA601gloVCnnTumZ/5TxnviBHg1a2lsatt/gCj2pl61a+uALM1oRdgPhxPYefloFpi0lau8thV6u9BYTfUgfqIF+dvFIVlu0MULsWDDJfwIDAQAB"

    1
  • Jussi Vainionpää

    Just wanted to let everyone know an easy workaround for finding the DKIM public record if DNS is hosted somewhere else.

    Just enable DNS for the domain for a few seconds so you can see the DKIM generated in the Plesk DNS management. Copy that to clipboard and disable DNS.

    This DKIM record seemed to work perfectly for me when I copied it to my external DNS.

    1
  • Janik R.

    I rewrote the script a little bit so that the keys can now be saved directly in the customer's document root.
    In addition, the script is no longer executed when creating subdomains.

    I've added a little description and installation guide in the readme.

    https://github.com/rabe0577/plesk-dkim-recreate

    I hope I can help you with that.

    1
  • Iain

    The article mentions: "/etc/domainkeys/**example.com**/default (for selector "default")"

    Does this mean it's possible to set a selector name other than 'default'? If so, how?

    0
  • Harm Jakob Tolsma (Edited)

    Jussi Vainionpää

    You could also edit the script and have it send you the key.

    ##send the key by email
    mail -s "DKIM record for ${NEW_DOMAIN_NAME}" youremail@domain.com < $dkim_rec_path/$dkim_rec_prefix${NEW_DOMAIN_NAME}$dkim_rec_fe

    0
  • Iain

    Hi Francisco Garcia, previously did that. See custom dkim selector name :-)

    0
  • M.Ouattara (Edited)

    Hi All.

    Need your help, please.

    I got this error "Error, no such file or directory"

    In fact, the directory /etc/domainkeys/ does not exist on my dedicated server. However, I have checked DMARC, DKIM and SPF in the mail settings on my Plesk 17.8.11, but the directories are still unavailable.

    Need your help

    0
  • lydie_t

    Hi @Alexandr Redikultsev,

    Connecting under root, I am now able to access the "default" file (which is the private key), then execute the command indicated by @Bato Tsydenov. This creates the public key.

    Thank you. This helped.

    0
  • Carlos Ivan Castillo Moya

    To see if I understand: when I mark the option "Plesk > Domains > example.com > Mail Settings > Use DKIM spam protection system to sign outgoing email messages", it indicates that records are generated in the DNS zone of Plesk, right? If the answer is yes, it means that if you use this panel, DKIM will work well.

    Now, if I use external DNS, could I refer to the DNS zone where the records are using a CNAME record?

    0
  • Bato Tsydenov

    Hello Harm Jakob Tolsma

    Thank you for bringing this to our attention.

    I have updated the script so that it is working correctly now.

    0
  • Taras Ermoshin

    Hello @Cfaessler !

    To do that, it should be possible to call system utilities (like openssl) via API. Unfortunately, it is not possible to do that either with our XML API or REST API.

    0
  • Adl

    Hi, on my test system it seems that the script does not recognize the ${NEW_DOMAIN_NAME} parameter.

    I can only see this in /tmp/dkim_keys, a file called

    "dkim_key_.txt"

    And inside this file only

    "default._domainkey. IN TXT "v=DKIM1;k=rsa; p="

    Thanks a lot.

     

    0
  • Florent

    Hi,

    Is it possible to change the "default" selector to something else? ("plesk" for example ;))

    Thx

    0
  • Nikita Nikushkin

    Hi @M.Ouattara!

    The "/etc/domainkeys/" folder is missing because you have not marked the "Plesk > Domains > example.com > Mail Settings > Use DKIM spam protection system to sign outgoing email messages" checkbox for any domain yet.

    Once you mark it for any domain, the "/etc/domainkeys/" folder will be created automatically together with the domain's related folder "/etc/domainkeys/example.com"

    0
  • Alexandr Redikultsev

    Hi @IDC,

    Make sure that the corresponding file /etc/domainkeys/example.com/default exists indeed. Do not forget to replace example.com with the actual domain's name.

    0
  • IDC

    Error No such file or directory

    # openssl rsa -in /etc/domainkeys/example.com/default -pubout -out public.key
    Error opening Private Key /etc/domainkeys/example.com/default
    139977471330208:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/domainkeys/example.com/default','r')
    139977471330208:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
    unable to load Private Key

    0
  • Alex

    Hi.

    I have the following issue:

    I use an external DNS service, and I set up the DKIM private key as described in a manual on this page. It was working fine with Onyx, but after updating to Obsidian, I now get an error from the backup manager - WARNING: (Mail object 'domain.com') Unable to back up domain keys. Error: Call to a member function getRecordsMatched() on null.

    I have re-issued the default key and generated a new pub-key, but I am still getting the error.

    Any ideas how to fix this issue?

    Thanks

     

    0
  • Lars Jansen

    Jussi Vainionpää I created an account on this forum, just to thank you!

    0
  • Harm Jakob Tolsma

    I kept getting errors when verifying DKIM. "OpenSSL wrong tag"
    After some searching I found the reason.
    The script in the zip file seems to use the private key in the output for the record when it is actually the public key that needs to be included.

    ## recreate key:
    openssl rsa -in /etc/domainkeys/$new_domain_name/default -pubout -out public.key  --> Here we create a public key

    ## crop first and last line of keyfile
    sed '1d;$d' /etc/domainkeys/$new_domain_name/default > $tmp_path/$tmp_prefix$new_domain_name$tmp_fe   --> here we trim the private key

    Everything worked as expected after I changed the last line to:
    sed '1d;$d' public.key > $tmp_path/$tmp_prefix$new_domain_name$tmp_fe

    0
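
The fix described in the comment above, as an added example that is not part of the original thread or the Plesk script: it derives the `p=` value from the public half of the key and checks that a record matches the key before it is published. The function names are hypothetical, and a throwaway key generated in a temporary directory stands in for /etc/domainkeys/example.com/default.

```shell
#!/usr/bin/env bash
# Added example (not the Plesk script). Function names are hypothetical.

# Print the base64 public key (the p= value) derived from a PEM private key.
dkim_pubkey_b64() {
    local pem
    # Fails on a missing, empty or non-PEM file ("no start line" in the thread).
    pem=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    # Drop the BEGIN/END PUBLIC KEY lines, join the body into one string.
    printf '%s\n' "$pem" | sed '1d;$d' | tr -d '\n'
}

# Print the TXT record for <key-file> <domain> [selector].
dkim_txt_record() {
    local p
    p=$(dkim_pubkey_b64 "$1") || { echo "cannot read private key: $1" >&2; return 1; }
    printf '%s._domainkey.%s IN TXT "v=DKIM1;k=rsa;p=%s"\n' "${3:-default}" "$2" "$p"
}

# Succeed only if the p= value in <record> is the public half of <key-file>.
dkim_record_matches_key() {
    local want got
    want=$(dkim_pubkey_b64 "$2") || return 1
    # Remove quotes and whitespace (long records are often split), then take p=.
    got=$(printf '%s' "$1" | tr -d ' "\t\n' | sed -n 's|.*;p=\([A-Za-z0-9+/=]*\).*|\1|p')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed demo: a throwaway key in a temp dir, no real domain key is read.
demo() {
    local dir key good bad
    dir=$(mktemp -d) && key=$dir/default
    openssl genrsa -out "$key" 2048 2>/dev/null || return 1
    good=$(dkim_txt_record "$key" example.com)
    # The defect described above: base64 body of the *private* key ends up in p=.
    bad="default._domainkey.example.com IN TXT \"v=DKIM1;k=rsa;p=$(sed '1d;$d' "$key" | tr -d '\n')\""
    dkim_record_matches_key "$good" "$key" && echo "derived record: OK"
    dkim_record_matches_key "$bad" "$key" || echo "private-key record: rejected"
    rm -rf "$dir"
}
demo
```

The same check catches a stale record left in external DNS after the key has been re-issued, since the published `p=` no longer matches the key on disk.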
  • Ivan Postnikov

    @Prodesignerch, please, could you give more details about the issue?

    When do you have this error shown? During which step of resolution?

    Also, let us know which OS and Plesk versions you use.

    0
  • Anton Maslov

    Currently, Plesk allows using only the "default" name. There is a corresponding feature request which you may vote for to get this implemented.

    0
  • 黃彥儒

    Could I change the string "default" in "default._domainkey.example.com"?

    0
  • Alisa Kasyanova

    @Janik R.
    Thank you so much for sharing this! I am sure other Pleskians will find it helpful.

    0
  • IDC

    Hi @Alexandr Redikultsev,

    Thank you for your response.

    Now, I have created the file /etc/domainkeys/example.com/default and replaced example.com with my domain's name.

    This error tells me "unable to load Private Key"

    # openssl rsa -in /etc/domainkeys/mydomain.com/default -pubout -out public.key
    unable to load Private Key
    140544879454112:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

    0
  • Alexandr Redikultsev

    Also, the automatic script should be executed only via Tools & Settings > Event Manager; manual execution of the script via the command line will not work.

    0
  • Maxim Krasikov (Edited)

    Hello @Carlos Ivan Castillo Moya,

    You are right, when the option "Use DKIM spam protection system to sign outgoing email messages" is enabled, the corresponding DKIM record is generated for the domain DNS zone in Plesk.

    Since an external DNS server is used for a domain, the TXT record related to DKIM should be transferred to the external DNS as it is.

    You can find the additional information about DKIM protection here:
    https://support.plesk.com/hc/en-us/articles/115003843813

    0
  • Alexandr Redikultsev (Edited)

    Hi @lydie_t.

    Please let me know your OS version.

    Also, clarify under what user you are executing the command, and whether or not it is working in case you are running it under root user via SSH, not via scheduled task.

    0
  • Cfaessler

    The script works for us after some changes that are based on how we handle the installation of domains/subscriptions in our company.

    Is there any possibility to generate and get the public key with the API or REST API?

    0
  • Ivan Postnikov

    Hello @Florent,

    Could you, please, give more details about the question?

    This will help to give a more precise answer.

    0
  • Francisco Garcia

    Hi Iain,

    Within Plesk, there's only one DKIM selector by design.

    If you see it necessary, I encourage you to create a new Uservoice request.

    0