Unable to set SNI certificates for mail (Postfix) using Let's Encrypt certificates




  • Avatar
    Lenor (Edited )

    Any Solution here?

    I am using Let's encrypt and have latest Updates installed, last check today. 

    I got Errors in Maillog, TLS SNI XY from XY[xx.xx.xx.xx] not matched, using default chain


    Moreover and truly this affects only obsidian. on other older Server no Problems. 

    I just saw many such fails -.-

    Comment actions Permalink
  • Avatar
    Alexey Lapshin

    Hello @Lenor

    The most probable cause of the issue is the fact that many domains use one IP address and the global certificate for a mail from Plesk > Tools & Settings > SSL/TLS Certificates > Certificate for securing mail. So, to use SNI it is necessary to set separate certificates for each domain there Plesk > Domains > example.com > Mail Settings > SSL/TLS certificate for mail.

    However, it should not affect email delivery.

    Comment actions Permalink
  • Avatar
    Eser Esen

    After upgrading to Obsidian i was able to create and select a certificate for each domain and its mail service. But these certificates are ignored, because on Tools&Settings -> SSL/TLS there is still the global option for mail certificates and this one is delivered by the mail server.

    How do i make plesk use the new certificates i created and assigned to each including for the mail service?

    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request