Let's Encrypt: separate cert for webmail (without main domain in SAN)
We have a setup where webmail.example.com and example.com point to another server than our Plesk instance. Because of this we can't enable Let's Encrypt on Webmail since the CSR contains webmail.example.com and example.com.
So I hope you consider adding an option to only create webmail.example.com (without SAN example.com)
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
Alexander Koch commented
As a workround for roundcube:
1. Copy /usr/local/psa/admin/conf/templates/default/webmail/roundcube.php -> /usr/local/psa/admin/conf/templates/custom/webmail/roundcube.php
2. Edit the custom roundcube.php -> Append following Line under Alias /roundcube/ :
Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"
3. plesk sbin httpdmng --reconfigure-all
4. Add Subdomain webmail.domain.tld
5. Secure this Subdomain with Let`s Encrypt
6. Click SSL on the Maindomain, click Advanced Settings and secure webmail with the certificate from the Subdomain
And thats all, i hope this helps.
Gianluca DB commented
We have lot of customers with websites in a server and mail in another, we need this fetaure.
Feature is much needed. We need to be able to secure a webmail even when the domain is not hosted on the server, or when the web hosting is disabled. We need as well, in Obsidian, to be able to generate an email server only certificate.
This request is quite related to https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/18989752-ssl-cert-for-a-domain-frame-forwarder
If you allow generating a certificate for frame forwarder domains, then it should resolve this issue as well.
Plesk, we're not in 1999, SSL/TLS should be anywhere, whenever possible... We're paying premium, then please, serve premium service.
Please implement this. To manually copy certs and keys is very annoying
I agree with the necessity and urgency to implement this functionality. Thank you
We got lots clients, email hosting with us, sites eventually wix, webbly, online services. Can't do what we need to do with Plesk & lets encrypt easily. Always have to load webmail certs separately. Not user- & admin friendly.
Dirk Spahn commented
Would be great to add a Let's Encrypt certificate for a webmail-subdomain without having the www-website on the same machine. Are there any plans to get that feature soon?
John Shiells commented
can we get an update on when this will be working please?
i think this should be considered a BUG instead of a feature request.
Yes, it is a big problem when the web site is using an external CDN or Firewall too - we have customers using Cloudflare or Sucuri WAF and can not secure their webmail URL.. Please work with LE to enable this, thank you.
John Shiells commented
Not having this should be considered a bug, not a feature request.
not being able to issue SSL certs if hosting is off or else ware is a flaw.
please get this implemented ASAP
Popular or not... just act and implement this feature please! Your answer isn't very encouraging... There are many many websites that uses the wix'ses or squarespace'ses in this world for their website and plesk only for the mailboxes. This should be possible...
Taras Ermoshin commented
Currently, when issuing a Let's Encrypt certificate for a domain, it allows only to ADD domain aliases and webmail, and, when issued, it replaces the main domain's certificate.
For example, if a domain is already secured with a paid SSL certificate (which doesn't include "webmail" subdomain), it would be helpful to secure only webmail with a free certificate from LE.