Mail users with iOS and MacOS devices cannot access mail after certificate renewal on Plesk server: Cannot Verify Server Identity

Comments

5 comments

  • Frank Palaia

    Imagine that you have a client with nearly a hundred email accounts. Many of these folks use Macs and iPhones. The Let's Encrypt certificate renews, and then you're spending days on the phone walking all of these people through deleting their email accounts and setting them up again. This happens every three months at each renewal until the customer gets fed up and goes somewhere else. This has happened to me several times, and I've been on the phone all day today because of a cert that renewed yesterday. I wish I could offer a solution. There needs to be a better way.

    2
  • turgut kalfaoglu

    And I thought "Outlook" was poorly programmed! I cannot believe the iOS mail client is unable to handle a certificate change properly. I'm telling clients to disable all SSL, TLS, MD5 Authentication and stick to "Password". It's insecure but it gets their job done.

    0
  • Frank Palaia

    07/02/23 I may have a fix for this frustrating situation. If you have a domain on the Plesk server that has been set up as what I might call a primary domain on the server for the purposes of reverse DNS, your customers can use that domain for their incoming and outgoing mail servers, instead of the default: mail.subscriptiondomain.com. I am in the process of testing this, but so far, so good. When the certificate for that reverse DNS domain automatically renewed, my phone did not start ringing again with complaints from Apple users, and my own iPhone continued without a hiccup. I will be more confident that this is a true fix when another 90 days have passed, but I am optimistic.

    1
  • Miha Gregors

    Hello,

    I have the same problem and here is a solution: https://community.letsencrypt.org/t/certificates-renewal-and-apple-os-mail/152621

    For me, solution 2 works:
    Each time the certificates are renewed, restart postfix and dovecot. I think this second option reloads both daemons with the latest certificates, but I do not know yet if it works (I will have to wait three months).

    So is it possible that Plesk itself reloads mail services (Postfix and Dovecot) after SSL is renewed?

    Regards,
    Miha Gregorš

    0
  • Miha Gregors

    Still nothing?

    0
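
The condition behind the restart advice in the thread above (Postfix and Dovecot still presenting the old certificate after a renewal) can be checked by comparing the certificate on disk with the one each mail port serves. This is an added example, not part of any comment and not Plesk's own tooling; the certificate path, the mail hostname and the port list are assumptions supplied by the operator, and STARTTLS ports are not covered.

```python
import hashlib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def pem_fingerprint(pem):
    """SHA-256 over the DER bytes of the first certificate in a PEM string.
    The file may also hold a private key or chain; only the leaf is used."""
    start = pem.index(BEGIN)
    end = pem.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem[start:end])).hexdigest()

def served_pem(host, port, timeout=10):
    """Fetch the certificate a TLS-on-connect service presents for `host`."""
    ctx = ssl.create_default_context()
    # No chain validation: the served cert is compared to the known file on disk.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname sends SNI, so per-domain mail certificates are selected.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))

def stale_endpoints(disk_pem, endpoints, fetch=served_pem):
    """Return the (host, port) pairs still serving a certificate that differs
    from the renewed one on disk, i.e. daemons that have not reloaded it."""
    want = pem_fingerprint(disk_pem)
    return [(h, p) for h, p in endpoints if pem_fingerprint(fetch(h, p)) != want]

if __name__ == "__main__":
    # Usage (assumed invocation): check_mail_cert.py <renewed-cert.pem> <mail-host>
    cert_path, host = sys.argv[1], sys.argv[2]
    # Implicit-TLS ports only: SMTPS 465, IMAPS 993, POP3S 995.
    ports = (465, 993, 995)
    with open(cert_path) as fh:
        stale = stale_endpoints(fh.read(), [(host, p) for p in ports])
    for h, p in stale:
        print(f"{h}:{p} still serves the previous certificate")
    sys.exit(1 if stale else 0)
```

A non-zero exit status after a renewal means at least one listed port has not picked up the new certificate and its daemon still needs the restart described in the thread.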
