Lets Encrypt Certificate for Mailserver and Webmail.
As descriebed earlier
Let’s Encrypt 2.1.0 extension with Webmail support is now available!
We would love to hear your feedback on our forum at http://talk.plesk.com. We’d like to thank everyone who commented on this request and provided invaluable feedback. Thanks!
PS: about Mailserver support – we have it in our plans.
Yes! For me it would be important to have this feature too (https only & webmail without hosting).
Thanks for implement it soon!
I also need Let's Encrypt certificate with webmail service only.
Please add also checkbox for webmail with https only.
Manfred Warta commented
When a customers domain is configured without hosting (he only uses mailservices) there is no way to get the Let's Encrypt certificate for the webmail service.
Additionaly it would be very very good to have a checkbox like in the hosting settings to force webmail will always be https :-)
Mailserver cert generation is still missing.
We stll have to use the workarround with subdomain and aliases.
I've given up with Plesk and gone elsewhere now as I need the ability for sub-domains to use LE and Plesk simply aren't delivering.
Webmail is now supported in version 2.1 (https://github.com/plesk/letsencrypt-plesk/issues/37)
Unfortunately mailserver (https://github.com/plesk/letsencrypt-plesk/issues/64) and mailman interface (https://github.com/plesk/letsencrypt-plesk/issues/169) not!
I have noticed from a recent upgrade of your Lets-Encrypt plugin (2.0) that you now support aliases. Surely this was less important than supporting sub domains? Is there any reason why this was introduced prior to sub-domain implementation?
If I read correctly the extension now allows securing Plesk itself via a certificate from LE. And as far as I know the cert. for webmail and Plesk is identical.
G J Piper commented
We need to make sure the Plesk plugin will allow Let's Encrypt to be used with webmail.domans.tld even when the domain is not hosting a website — only email/webmail.
Please also patch this into the next release of the plugin:
AmaZili Communication commented
@plesk Can we have a planned release date?
Everybody need sub domains (93 voted) (see https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/11283315-add-subdomains-in-one-let-s-encrypt-certificate ) dnd aliases (271 voted) (see https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/15013254-let-s-encrypt-add-domain-aliases?page=4&per_page=20 ).
When you add all requests here and there about enhancing the LE support, its today more than 460 people shouting in the desert...
In addition, we definitely need solution to manage mail servers properly with multiple domains on the same server and proper secure mail connection transport.
This is not a wish, it is mandatory.
SSL /Let's Encrypt/ function for webmail.domain.tld
I'm going to try and post here, but the last two or three times I've tried for some unknown reason, the post always disappears.
Anyway, as of now there is no way to add a certificate to webmail as you can not create your own subdomain called webmail.<domain> as it just tells you that's reserved. All I can suggest is that you set your webmail to the standard HTTP protocol and wait for the "fix" to be implemented.
Is there any reason why your mail clients are using webmail to connect and not using the MX server, or did I read that wrong?
I did try putting forward a suggestion for this process to be sorted along with any other subdomains you wanted and that is to create an array of prefixes which are all included within the certificate. So for arguments sake, you will have a simple space separated text box (or even a textarea with one prefix per line) which would have something like...
for a text box:
webmail sub1 sub2 devices whateveryouwant
for a textarea:
This way users can include whichever subdomain they wish and without the need for Plesk to include "generic" ones. It could simply replace the current "include www as an alternative" check box when you create a Let's Encrypt certificate..
I hope this has formatted correctly but I'm having issues with starting a new paragraph ;) Shift+Enter isn't it?
Any updates? Have just upgraded to Onyx and my mail server setup for multiple domains Plesk is now a nightmare with hostname mismatch errors and invalid certificate errors when mail clients try to connect. Is there a good tutorial guiding us on how to set this up so the certificates on each domain's webmail don't throw errors?
I need this now! Please :/
Marco van Wyngaarden commented
Lets hope it will be fixed asap so we can use correct SSL certs for Webmail access
to have the lets encrypt cert available for the webmail subdomain for horde/roundcube would be great.
Currently, although it can be chosen, it doesn't work.
Eric Oxenberg commented
This feature SEEMS to have been added to Onyx, but the feature is broken. When you assign a Let'sEncrypt SSL to a domain via the plugin or in the mail module, there is a button or checkbox that says "add to webmail" but when activated, webmail is still not locked.
Rob Nester commented
to add to this:
I currently have the following implemented on a manually managed server with Let's Encrypt and this this implementation would benefit others:
I have a single Let's Encrypt cert which is used for postfix. For each domain that I host, I add the mail server as a SAN to this certificate. In this way, i can allow all domains to connect to their respective mail.<domain>.<tld> and get no issues with mismatches.
I think that this idea is easily extendable to add the "standard" mail subdomains (pop, pop3, imap, imap4, smtp) in a similar fashion.
Hopefully this will be similar to the final implementation as I would guess that there are a number of folks who use Plesk to host multiple domains who have customers who don't really enjoy the use of a mail server which doesn't match their domain.