Is it possible to secure the mail server mail.example.com with Let's Encrypt SSL certificate when the A record for example.com is pointing to another server?

Follow

Comments

4 comments

  • Avatar
    Paul S

    I have done this and worked find, but when the SSL certificate of mail.example.com was renewed the mail settings of example.com where this one was set

    1
    Comment actions Permalink
  • Avatar
    Tom Franssen (Edited )

    The workaround does only work until the certificate is being renewed again, as the renewal process then clears the selected certificate on the root domain leaving the mail without certificate. This is a bug. Can you fix that? It shouldn't touch the configuration on the main domain.

    0
    Comment actions Permalink
  • Avatar
    Julia Minenkova

    Hello Tom,

    Correct. Each certificate renewal requires to set certificate on domain again. This is new scenario that requires additional research that is why feature request is created. For now solution is when Let's Encrypt certificate expires, it requires to renew certificate on domain manually or with command line:

    # plesk bin subscription_settings -u example.com -mail_certificate "Lets Encrypt mail.example.com"

    You may create script/scheduled task that is executed on daily basis, for example. 

    0
    Comment actions Permalink
  • Avatar
    Andreas Schnederle-Wagner (Edited )

    @Julia Minenkova - unfortunately daily execution of the CLI Cert assign isn't really helping ...
    If Cert is automatically renewed at 09:00 AM ... and the CLI Script is run every day at let's say 02:00 AM ... we will get calls of our Customers the whole day as they can't access their E-Mails because of Cert Errors ...
    Our 1-Level Support is loosing DOZENS OF HOURS per month to manuelly re-assign LE Certs because of this which causes massive support costs ...
    We really need to find a better Solution here ... is there the possibility of some kind of Webhook when Certs are renewed - so we can automatically trigger the re-assign after the renew?
    Or any other viable solution?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request