How to secure the webmail with a Let's Encrypt certificate in Plesk

Follow

Comments

13 comments

  • Avatar
    Marco Marsala (Edited )

    You should place a redirect from http://webmail.domain.tld to https. Even the option "Hosting Settings > Permanent SEO-safe 301 redirect from HTTP to HTTPS" won't redirect the webmail; in any case these should be two separate options as the website may not support HTTPS yet.

    There is an UI bug too: selecting a certificate already used for securing webmail and hitting "Secure webmail" will freeze the interface.

    0
    Comment actions Permalink
  • Avatar
    Konstantin Annikov (Edited )

    Hello, 

    There is no "redirect to https for webmail" feature in Plesk yet, but you can vote for it on UserVoice portal: 
    https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/18515065-possibility-to-force-ssl-on-webmail

    And as a workaround, you can force https connection in Roundcube configuration file as it described here

    Or use the following article to make a redirect on the level of Apache: 
    How to redirect webmail HTTP to HTTPS

    As for the UI, I could not reproduce the same on my test server with newly installed Plesk Onyx 17.5. The following notification is shown after selecting the certificate which is already used for securing webmail on domain: 

    PLESK_INFO: The webmail was secured with the selected certificate. Important: webmail now works via HTTPS only, correct your bookmarks, links, and so on.

    So, please  submit a ticket for support in order to check if the issue persists on your server: 

    How to submit a request to Plesk Technical Support

    0
    Comment actions Permalink
  • Avatar
    Miha Gregorš

    Hello,

    is it possible to secure only webmail.example.com even if it's domain example.com and www.example.com pointed to other sever?

    Regards,

     

    ...

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Miha,

    Let's encrypt extension does not support such scenario.

    0
    Comment actions Permalink
  • Avatar
    Aristeidis Vlachopanos

    Hello, in our server the webmail is mail.example.com and not webmail.exmple.com . Is it possible to use this feature to secure it or is it specifically for the given subdomain?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Aristeidis Vlachopanos,

    The default URL for webmail is indeed webmail.example.com. The instructions specified here are for this URL.

    This article is not applicable to non-standart webmail URL, configured using this workaround

     

    0
    Comment actions Permalink
  • Avatar
    David Hubbard

    Can Let's Encrypt be used to secure ONLY webmail?

    0
    Comment actions Permalink
  • Avatar
    Alexandr Nikolaenko

    Hello @David Hubbard

    Following steps from the article, you can choose Let's Encrypt certificate to secure webmail. Then, in Hosting Settings of the domain, you can specify another SSL certificate from the domain's repository to be used for the main website.

    0
    Comment actions Permalink
  • Avatar
    destan40

    I have it two times!

    Case:

    - Maindomain Cert: Paid certificate
    - Webmail Only: LetsEncrypt

    Problem: Lets Encrypt certificate will not be automaticly renewd(but oll other only letscrypt domains)

    0
    Comment actions Permalink
  • Avatar
    Francisco Garcia

    Hi destan40,

    Just as a curiosity, won't it be easier now that you have a paid certificate on the main domain to also secure webmail with such cert?

    If it's in another server, you could still create it on Plesk, and assign it to webmail too. I mean, it could also be done through API.

    0
    Comment actions Permalink
  • Avatar
    David Hubbard

    That is generally not cost effective; most SSL providers will not sell you a cert that includes the TLD, www, as well as a SAN of webmail., mail., or whatever else, unless you move up into a much more expensive cert.  That's why most people would like to have a paid cert on the primary website and LE certs on all the other services, development subdomains, etc.

    0
    Comment actions Permalink
  • Avatar
    Simple Hosting GmbH

    Hello

    How does that work if using smartermail remote server? should webmail.yourdomain.com point to plesk hosting shared ip address and than the IIS would redirect it to the remote smartermail server?

    ps: please vote for: https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/40257052-webhosting-migration-windows-with-central-smarterm

    0
    Comment actions Permalink
  • Avatar
    Nelson Leiva

    Hi Simple Hosting GmbH,

    Correct. Let's Encrypt only needs the webmail.domain.com to resolve to the Plesk server in order to issue the certificate.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request