Mail users with iOS and MacOS devices cannot access mail after certificate renewal on Plesk server: Cannot Verify Server Identity

Follow

Comments

7 comments

  • Avatar
    Al Ram

    I am not sure who is dropping the ball here, Plesk or Apple, but it has been a long time now and the "solutions" listed here are not solutions -- they are workarounds. Real solutions are somewhere between Apple and Plesk.

    I run 2 dedicated Plesk servers, and have clients. This problem is dragging for years. In general, securing email on Plesk has always been a headache and Plesk never really had a proper "solution" for it.

    1
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Al Ram,

    Thank you for the feedback and sharing your user experience.

    The issue looks to be on the Apple side as the same behavior my be not exclusively on Plesk-based server.

    For example, here's one of the threads on Apple website: https://discussions.apple.com/thread/7713678

    0
    Comment actions Permalink
  • Avatar
    Al Ram

    Yes, Ivan. I can see that when Let's Encrypt renews. iOS recognizes the new cert, does not trust it and it does not offer the option for user to trust it. This option is only available after deleting the account from iOS and deleting the outgoing server separately. Let's Encrypt renews every about three months and I am having to walk my clients through this every cycle. Some have switched to MS Exchange.

    Apple is known to take years to fix problems like this, but I think Plesk should be on the phone with Apple every Monday because it directly affects Plesk. This is iOS, not some obscure mobile OS, and saying that it is Apple's problem is not enough. I am sure when app developers hit an iOS issue, they call Apple and try to get their attention to the problem. It's kinda like that.

    0
    Comment actions Permalink
  • Avatar
    goodomencreative

    1. Settings
    2. Mail, Contacts, Calendars
    3. Accounts
    4. Select the problem account
    5. Advanced
    6. uncheck "Use SSL" in "incoming settings

    0
    Comment actions Permalink
  • Avatar
    Leonid Gukhman

    @goodomencreative Such resolution hasn't been tested, and it looks like SSL is being disabled altogether for the account, which is not recommended.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Al Ram,

    Sorry for not replying to you earlier.

    To be more precise the issue is reported on Let's Encrypt side: https://community.letsencrypt.org/t/lets-encrypt-certificates-with-apple-ios-phones/35695/12

    Plesk isn't required to be used for this issue to appear.

    However, I've highlighted the issue to the Development team to see if we could push it from our side.

    0
    Comment actions Permalink
  • Avatar
    Al Ram

    Thanks Ivan, that's what I concluded too. I am sure you will agree that the solutions people are posting on forums like this one are really just workarounds.

    I also understand that there are three parties involved here and that a change in iOS is probably where the real solution lies, but I believe that it would be much more effective for Plesk or Let's Encrypt to make that push with Apple. I was hoping that iOS 13 would include a real fix, but that did not happen. 

    I do believe that where Plesk and Let's Encrypt are going is the right direction -- SSL bundling with server software -- so I am hoping this is just a bump that will be ironed out.

    I look forward to an iOS update with at least persistent Continue button for now.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request