Let's Encrypt: separate cert for webmail (without main domain in SAN)
We have a setup where webmail.example.com and example.com point to another server than our Plesk instance. Because of this we can't enable Let's Encrypt on Webmail since the CSR contains webmail.example.com and example.com.
So I hope you consider adding an option to only create webmail.example.com (without SAN example.com)

Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— rk
-
Raphael Häner commented
This is a very important suggestion
-
Plesk Tech Support commented
-
Plesk Tech Support commented
For now, it is possible to configure HTTPS redirect for webmail if domain itself is secured with LE certificate as described here https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/31900489-redirect-from-http-to-https-for-secured-webmails
However, if the domain has "No hosting" type, it is not possible to secure webmail separately. I can see the feature request for this https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/20093866
However, I would like to add one more ability - ability to configure HTTPS redirect for webmail separately, when domain has "No hosting" type.
-
Alexandre Féron commented
This is definitely a must-have in the current times : a lot of us have separate servers for WEB and for MAIL.
-
Tom commented
We'd love to see this feature for our Plesk servers. It's quite the mandatory feature, as it's needed more and more. We really dislike to have to say "no" to our customers.
-
Anonymous commented
Please do this,a lot of clients have external web sites and I am lost, can't issue SSL when website is hosted outside plesk, can't even force the system to use DNS challenge instead of web site challenge, can you help?
-
Carsten commented
We are hosting our platform on aws and our mail server on a different hosting with plesk (strato, Germany). So we also highly need a solution or a work around , to apply LE in this setup.
-
Nikolai Graf-Rüssel commented
I need this too!
-
Alexander Koch commented
As a workround for roundcube:
1. Copy /usr/local/psa/admin/conf/templates/default/webmail/roundcube.php -> /usr/local/psa/admin/conf/templates/custom/webmail/roundcube.php
2. Edit the custom roundcube.php -> Append following Line under Alias /roundcube/ :
Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"
3. plesk sbin httpdmng --reconfigure-all
4. Add Subdomain webmail.domain.tld
5. Secure this Subdomain with Let`s Encrypt
6. Click SSL on the Maindomain, click Advanced Settings and secure webmail with the certificate from the SubdomainAnd thats all, i hope this helps.
Greetz Alex
-
Gianluca DB commented
We have customers with their domain's websites in one server and mail service of the same domain in another server, we need this feature please.
-
Robin commented
Feature is much needed. We need to be able to secure a webmail even when the domain is not hosted on the server, or when the web hosting is disabled. We need as well, in Obsidian, to be able to generate an email server only certificate.
This request is quite related to https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/18989752-ssl-cert-for-a-domain-frame-forwarder
If you allow generating a certificate for frame forwarder domains, then it should resolve this issue as well.Plesk, we're not in 1999, SSL/TLS should be anywhere, whenever possible... We're paying premium, then please, serve premium service.
-
Anonymous commented
Please implement this. To manually copy certs and keys is very annoying
-
Riccardo commented
I agree with the necessity and urgency to implement this functionality. Thank you
-
TomBob commented
We got lots clients, email hosting with us, sites eventually wix, webbly, online services. Can't do what we need to do with Plesk & lets encrypt easily. Always have to load webmail certs separately. Not user- & admin friendly.
-
Dirk Spahn commented
Would be great to add a Let's Encrypt certificate for a webmail-subdomain without having the www-website on the same machine. Are there any plans to get that feature soon?
-
John Shiells commented
can we get an update on when this will be working please?
i think this should be considered a BUG instead of a feature request.
-
Anonymous commented
Yes, it is a big problem when the web site is using an external CDN or Firewall too - we have customers using Cloudflare or Sucuri WAF and can not secure their webmail URL.. Please work with LE to enable this, thank you.
/Fran -
John Shiells commented
Not having this should be considered a bug, not a feature request.
not being able to issue SSL certs if hosting is off or else ware is a flaw.
please get this implemented ASAP
-
Koert commented
Popular or not... just act and implement this feature please! Your answer isn't very encouraging... There are many many websites that uses the wix'ses or squarespace'ses in this world for their website and plesk only for the mailboxes. This should be possible...
-
Taras Ermoshin commented
Currently, when issuing a Let's Encrypt certificate for a domain, it allows only to ADD domain aliases and webmail, and, when issued, it replaces the main domain's certificate.
For example, if a domain is already secured with a paid SSL certificate (which doesn't include "webmail" subdomain), it would be helpful to secure only webmail with a free certificate from LE.