Certificate error during the connection to the email account via email client application.


  • Valentijn Langendorff (Edited)

    Hi

    Got this same issue. mail.mydomain.com is not secured but www and webmail are... When creating a Let's Encrypt certificate, it only creates two DNS names in the cert. So everything depends on one main server cert, which causes a conflict on a VPS with multiple domains on a single IP...

    • Go to the Home > Tools & Settings > SSL/TLS Certificates > Let's Encrypt
    • Put hostname.com into the Domain name field and press Renew.

    Q: this is for a server name running Plesk and other domains, right??

    • Go to Tools & Settings > SSL/TLS Certificates. Click Change near the Certificate for securing mail field and select Lets Encrypt certificate (server pool) and click OK.

    Q: this will use separate certificates for the domains which use their own cert?

    Problem: Let's Encrypt only creates/uses DNS names www and webmail and not others like mail.mydomain.com. So the problem stays the same: it will use the main server cert and fire a cert domain mismatch warning in a mail application...

    Q: will this be resolved when Let's Encrypt uses wildcards? Or do I need expensive SAN multi-domain certs?? (one IP, multiple domains)

    Thanx for replying!

     

    • Manually set server's hostname during mailbox creation instead of domain's name.

    Don't get this one : Q: confused here plesk settings host or domain host settings?? Totally lost here... I 

  • Natalia Astashenko

    Hello @Valentijn Langendorff,

    Thank you for your questions.

    > Q: this is for a server name running Plesk and other domains, right??

    A: This certificate will be issued for the hostname. It will be used for the mail server for all domains.

     

    > Q: this will use separate certificates for the domains which use their own cert?

    A: Under the Certificate for securing mail menu, only one certificate will be configured for the mail server. According to recommendations, it should be issued for the server hostname. So, the server's hostname should be specified in the email client settings as the incoming/outgoing mail server for mail service on every domain.

     

    > Problem: Let's Encrypt only creates/uses DNS names www and webmail and not others like mail.mydomain.com. So the problem stays the same: it will use the main server cert and fire a cert domain mismatch warning in a mail application...

    > Q: will this be resolved when Let's Encrypt uses wildcards? Or do I need expensive SAN multi-domain certs?? (one IP, multiple domains)

    A: There should not be any issues if hostname.com is specified for the incoming/outgoing mail server, not mail.hostname.com.

     

    > Q: will this be resolved when Let's Encrypt uses wildcards? Or do I need expensive SAN multi-domain certs?? (one IP, multiple domains)

    A: There is no need to use a certificate issued for several domain names if you use the server hostname to issue the certificate and to configure mail clients. However, it is totally up to you which certificate to assign.

     

    > Manually set server's hostname during mailbox creation instead of domain's name.

    Sorry for the confusion. This refers to the configuration of the mailbox in mail clients. I have updated the article.

  • Valentijn Langendorff

    But an issue would be that the certificate details don't match the DNS info in the certificate, and so I have to explicitly ask someone to accept the certificate even though the domain is not connected with the hostname.
    This could be a spam classification in the future.

  • Bulat Tsydenov

    @Valentijn For example, you have a certificate which is issued for a hostname. In order to avoid a mismatch, specify the hostname of the SMTP server in the mail client configuration. In this case, it will not be required to accept the certificate.

  • Valentijn Langendorff

    Hi @bulat
    Thanks, true.
    Should I allow relay for this based on my pool of domains? How to do that?
    Don't like extra logins for only this...

  • Natalia Astashenko

    @Valentijn Langendorff It is not necessary. All mailboxes will be connected to the mail server as usual. They will just use the hostname to access the server and verify the connection.
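
The name check behind the mismatch warning discussed in this thread, as an added example that is not part of the original comments or of Plesk: it applies RFC 6125 style matching to the server names a user might type into a mail client. The certificate name lists and client values are constructed from the placeholder names used above, and the wildcard certificate is hypothetical.

```python
# Added example: the dNSName check a mail client applies to the certificate
# the mail server presents (RFC 6125 style). All names are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """True if one dNSName entry from the certificate covers `host`."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                  # a wildcard covers exactly one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never directly on a TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h                     # partial wildcards (w*.x) are not honoured

def cert_covers(san_names, host) -> bool:
    return any(name_matches(name, host) for name in san_names)

def audit(san_names, client_hosts) -> dict:
    """Map each server name typed into a mail client to match / mismatch."""
    return {host: cert_covers(san_names, host) for host in client_hosts}

# Constructed SAN lists for the certificates discussed in the thread.
HOSTNAME_CERT = ["hostname.com"]                      # secures the mail server
DOMAIN_CERT = ["mydomain.com", "www.mydomain.com", "webmail.mydomain.com"]
WILDCARD_CERT = ["*.mydomain.com"]                    # hypothetical wildcard

# Constructed incoming/outgoing server values a user might enter.
CLIENT_HOSTS = ["hostname.com", "mail.hostname.com", "mail.mydomain.com"]

if __name__ == "__main__":
    for label, sans in [("hostname cert", HOSTNAME_CERT),
                        ("domain cert", DOMAIN_CERT),
                        ("wildcard cert", WILDCARD_CERT)]:
        for host, ok in audit(sans, CLIENT_HOSTS).items():
            print(f"{label:14} {host:20} {'match' if ok else 'MISMATCH warning'}")
```

Because only one certificate secures the mail server, a wildcard for one hosted domain would still mismatch for every other domain on the same server, while the hostname certificate matches for all of them as long as clients use the hostname.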
