Mail users with iOS and MacOS devices cannot access mail after certificate renewal on Plesk server: Cannot Verify Server Identity

Follow

Comments

10 comments

  • Avatar
    Al Ram

    I am not sure who is dropping the ball here, Plesk or Apple, but it has been a long time now and the "solutions" listed here are not solutions -- they are workarounds. Real solutions are somewhere between Apple and Plesk.

    I run 2 dedicated Plesk servers, and have clients. This problem is dragging for years. In general, securing email on Plesk has always been a headache and Plesk never really had a proper "solution" for it.

    1
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Al Ram,

    Thank you for the feedback and sharing your user experience.

    The issue looks to be on the Apple side as the same behavior my be not exclusively on Plesk-based server.

    For example, here's one of the threads on Apple website: https://discussions.apple.com/thread/7713678

    0
    Comment actions Permalink
  • Avatar
    Al Ram

    Yes, Ivan. I can see that when Let's Encrypt renews. iOS recognizes the new cert, does not trust it and it does not offer the option for user to trust it. This option is only available after deleting the account from iOS and deleting the outgoing server separately. Let's Encrypt renews every about three months and I am having to walk my clients through this every cycle. Some have switched to MS Exchange.

    Apple is known to take years to fix problems like this, but I think Plesk should be on the phone with Apple every Monday because it directly affects Plesk. This is iOS, not some obscure mobile OS, and saying that it is Apple's problem is not enough. I am sure when app developers hit an iOS issue, they call Apple and try to get their attention to the problem. It's kinda like that.

    0
    Comment actions Permalink
  • Avatar
    goodomencreative

    1. Settings
    2. Mail, Contacts, Calendars
    3. Accounts
    4. Select the problem account
    5. Advanced
    6. uncheck "Use SSL" in "incoming settings

    0
    Comment actions Permalink
  • Avatar
    Leonid Gukhman

    @goodomencreative Such resolution hasn't been tested, and it looks like SSL is being disabled altogether for the account, which is not recommended.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Al Ram,

    Sorry for not replying to you earlier.

    To be more precise the issue is reported on Let's Encrypt side: https://community.letsencrypt.org/t/lets-encrypt-certificates-with-apple-ios-phones/35695/12

    Plesk isn't required to be used for this issue to appear.

    However, I've highlighted the issue to the Development team to see if we could push it from our side.

    0
    Comment actions Permalink
  • Avatar
    Al Ram

    Thanks Ivan, that's what I concluded too. I am sure you will agree that the solutions people are posting on forums like this one are really just workarounds.

    I also understand that there are three parties involved here and that a change in iOS is probably where the real solution lies, but I believe that it would be much more effective for Plesk or Let's Encrypt to make that push with Apple. I was hoping that iOS 13 would include a real fix, but that did not happen. 

    I do believe that where Plesk and Let's Encrypt are going is the right direction -- SSL bundling with server software -- so I am hoping this is just a bump that will be ironed out.

    I look forward to an iOS update with at least persistent Continue button for now.

    0
    Comment actions Permalink
  • Avatar
    Andreas Schnederle-Wagner

    Any News on this? Lately more & more of our Customers calling because of this Problem ... and it's not really professional to tell them they have to "Re-Create" their Mail Accounts with out Servers every 2-3 Months ...

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Hi Andreas Schnederle-Wagner this issue is on iOS Apple side and not something that we can fix from Plesk side. I recommend checking the following forum as well https://discussions.apple.com/thread/7713678

    0
    Comment actions Permalink
  • Avatar
    Bob B

    Does anyone know if there is a trustworthy, 3rd party IMAP email client, for iOS, like Outlook, Gmail, etc., that does not have this certificate renewal issue?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request