Applicable to:
- Plesk for Windows
- Plesk for Linux
Symptoms
-
When connecting to a mailbox john.doe@example.com using a mail client the following warning is shown:
CONFIG_TEXT: The certificate for this server is invalid
Or:
CONFIG_TEXT: certificate belongs to a different site, which could mean that someone is trying to impersonate this site
Or:
CONFIG_TEXT: The target principal name is incorrect
Or:
CONFIG_TEXT: Mail can't verify the identity of the server "mail.example.com".
Or:
CONFIG_TEXT: stream_socket_client(): Peer cartificate CN='example.com' did not match expected CN='example.org'
Or:
CONFIG_TEXT: Certificate subject and hostname mismatch
-
The error shows that the certificate from the error belongs to
serverhostname.com. -
Certificate in Tools & Settings > SSL/TLS Certificates > Certificate for securing mail is set to
serverhostname.com.
Cause
Incorrect configuration of the mail client.
Resolution
For Plesk Onyx:
Assigning separate SSL certificates for different domains on a local mail server in Plesk Onyx is not supported.
Configure a mail client following the article: Configure mail client for secure connection.
For Plesk Obsidian:
Secure the mail server for domain according to the instructions from the following article:
How to secure a Plesk mail server with different SSL certificates (SNI support)
Comments
7 comments
This is a MAJOR problem haunting me since a long time!
I thought that maybe with the added functionality of let's encrypt to assigne the certificate to webmail.mydomain.com the solution was finally available, but I have not found a way to get this configured...
Has anybody been able to work this out?
@Hugosnel, such error can appear in case self-signed certificate for mail server is used. Check article https://support.plesk.com/hc/en-us/articles/213924425-How-to-%D1%81hange-the-default-certificates-for-SMTP-IMAP-and-POP3-over-SSL- for instructions how to change the default certificate.
Hi I use Plesk Onyx
I set all steps in the documentation, but it does not work in the right way. this problem in Cpanel does not exist for 5 years ago
All the clients are in the port 8443, webmail ..etc appears security error in the browsers
It also can not connect with your smartfone or mail devices
How do I solve this problem
Hello @Pascu,
From the given symptoms it looks like correct SSL certificates are not installed, let me provide you instructions:
> All the clients are in the port 8443, webmail ..etc appears security error in the browsers
To secure Plesk login page use this instruction.
To secure webmail use this instruction.
> It also can not connect with your smartfone or mail devices
There are two options to secure mail server, both allow to avoid errors when connection mail clients.
https://support.plesk.com/hc/en-us/articles/115003207925-How-to-secure-a-mail-server-with-a-purchased-SSL-certificate-in-Plesk-
https://support.plesk.com/hc/en-us/articles/115000179934-How-to-secure-mail-server-with-Let-s-Encrypt-certificate-
When setting up mail clients make sure that SSL certificate is created for the exact domain which is used in mail client settings.
Hi @Denis Bykov
Do you already know the release date of the next plesk version to fix this issue please?
Best Regards,
Hello @Pierre-Emmanuel DEGRYSE,
The cause of such behavior is an incorrect configuration of the mail client. As a solution, it is required to configure a mail client following the article Configure mail client for secure connection.
If your question is about assigning separate SSL certificates, the following article is devoted to this.
Please sign in to leave a comment.