Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
- How to make Plesk, mail autodiscover and Cloudflare work correctly?
- How to set up Plesk, mail autodiscover and Cloudflare to work together for a domain?
- How to configure Plesk, mail autodiscover and Cloudflare to work together for a website?
Answer
1. Let's Encrypt SSL must be issued for example.com (webmail and www checked) and the hostname of the server (server.example.com) on the side of Plesk
Note: SSL certificates issued by Cloudflare do not have the ability to secure mail server connections on SMTP, POP3 and IMAP ports.
2. The domain should be using the issued SSL certificate for mail on the side of Plesk (Go to Mail > the “Mail Settings” tab, click the domain name, select the SSL/TLS certificate for mail, and then click OK)
3. SSL/TLS mode in Cloudflare should be set to Full (Strict)
4. DNS records for the domain on the Plesk side should be set according to the following example (Replace 203.0.113.2 with your Plesk server IP, example.com with your domain and server.example.com with your Plesk server hostname):
| Host | TTL | Record type | Value |
| ftp.example.com. | 3600 | CNAME | example.com. |
| example.com. | 3600 | TXT | v=spf1 +a +mx +a:server.example.com -all |
| _pop3s._tcp.example.com. | 3600 | SRV | example.com. |
| _imaps._tcp.example.com. | 3600 | SRV | example.com. |
| server.example.com. | 3600 | A | 203.0.113.2 |
| example.com. | 3600 | NS | ns1.example.com. |
| example.com. | 3600 | NS | ns2.example.com. |
| www.example.com. | 3600 | CNAME | example.com. |
| ns2.example.com. | 3600 | A | 203.0.113.2 |
| ipv4.example.com. | 3600 | A | 203.0.113.2 |
| _dmarc.example.com. | 3600 | TXT | v=DMARC1; p=none |
| example.com. | 3600 | MX (10) | mail.example.com. |
| ns1.example.com. | 3600 | A | 203.0.113.2 |
| mail.example.com. | 3600 | A | 203.0.113.2 |
| webmail.example.com. | 3600 | A | 203.0.113.2 |
| example.com. | 3600 | A | 203.0.113.2 |
| _smtps._tcp.example.com | 3600 | SRV | example.com. |
5. DNS records within the Cloudflare DNS zone for the domain should be set according to the following example (Replace 203.0.113.2 with your Plesk server IP, example.com with your domain and server.example.com with your Plesk server hostname):
| Name | Type | Proxy status | Content |
| ftp | CNAME | Proxied | example.com |
| example.com | TXT | DNS Only | v=spf1 +a +mx +a:server.example.com -all |
| _pop3s._tcp | SRV | DNS Only | 0 0 995 example.com |
| _imap3s._tcp | SRV | DNS Only | 0 0 993 example.com |
| server | A | Proxied | 203.0.113.2 |
| example.com | NS | DNS Only | ns1.example.com |
| example.com | NS | DNS Only | ns2.example.com |
| www | CNAME | Proxied | example.com |
| ns2 | A | Proxied | 203.0.113.2 |
| ipv4 | A | Proxied | 203.0.113.2 |
| _dmarc | TXT | DNS Only | v=DMARC1; p=none |
| example.com | MX (10) | DNS Only | mail.example.com |
| ns1 | A | Proxied | 203.0.113.2 |
| A | DNS Only | 203.0.113.2 | |
| webmail | A | Proxied | 203.0.113.2 |
| example.com | A | Proxied | 203.0.113.2 |
| _smtps._tcp | SRV | DNS Only | 0 0 465 example.com |
Note: It can take up to 48 hours for the changes made within the Cloudflare DNS zone to become effective worldwide
6. Mail autodiscover should be enabled on the Plesk side both server-wide and for the domain
Note: If you encounter redirection issues while attempting a Plesk login by using the server hostname after starting to use Cloudflare, you may resolve them by following the steps in this article: A user is being logged out from Plesk periodically or Plesk redirects to the login page after a successful login attempt
Alternatively, you may switch the proxy status for the server.example.com record on Cloudlare's end to DNS Only
Comments
0 comments
Please sign in to leave a comment.