Add Mailman support to Let's Encrypt
Please add Mailman support to Let's Encrypt.
Ideally, one could issue either a certificate directly for lists.domain.com or a wildcard certificate for *.domain.com.
Furthermore, a secure connection should be enforceable.
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
Does anyone know if CPanel encrypts their implementation of Mailman? If so, then Plesk will follow suit.
Here's to hoping that Plesk will someday become the leader rather than the follower.
Alex Presland commented
Let's Encrypt now supports wildcard certificates on Plesk, so there is no good reason why the mailman interface shouldn't be able to be secure too.
You offer a Webpage Tool without https?
How can this be a discussion? Properly protecting webtraffic is standard nowadays!
Users are trained to only access secure pages and mailman isn't one?!
When enabling HSTS with the new SSL It! Extension (https://www.plesk.com/extensions/sslit/), this is also applied to mailman interface, but since it uses an invalid certificate this site is no longer reachable!
>We will consider this functionality in upcoming releases if it will be popular.
How can this be a question at all?
GDPR/DSGVO requires https if there is any exchange of personal data via the web.
Absolutely necessary !
this is essential
As mailman can't be used in an GDPR compliant fashion without https:// , this is mandatory.
I am surprised that this needs explanation at all.
I don't understand why list subdomain cannot be covered by Let's Encrypt as for example webmail. Nowaday it's almost obligatory. Best Regards
Alex cyberweb commented
Since mailman is broken when using HTTPS redirect with Letsencrypt on the main subscription domain, I would kindly ask you to fix this or remove the mailman feature completely.
I would like to see list.domainname.com to becovered by the Let's Encrypt extension of Plesk.
I agree this is essential for the mailing-list sign-up forms and admin forms. ALL web browsers are now issuing warnings when you attempt to fill in a form over a non HTTPS connection. This will definitely limit people signing up to mailing lists from the default signup forms.
Again a big lose c/f Cpanel here!
With Google Chrome supposedly "warning" people whenever they load an insecure site starting in July 2018, this would seem to be a must...
I agree with H. Dolderer, this is a must for current systems - also given that in certain combinations of using SSL for Plesk and the corresponding website, it is otherwise impossible to access the admin interface right now!
Also, looking at the implementation effort, this should almost be zero since the same has been done for the webmail system already. Thus, it is disappointing to read a statement like "we might eventually implement this at some point (> 10 years...?) in the future"...
Mailing lists (lists.domain.tld) administration is currently not secured by SSL certificates. Support for SSL/TLS and Let's Encrypt would be helpful for protecting personal data (email addresses) of users.
Harald Dolderer commented
I think this is no question of voting. It's a must have for customers in Europe to use mailman in a legal manner since May 25.2018. General Data Protection Regulation in Europe doesn't allow to transfer personal data unsecured over the internet. (Art. 5 lit f. GDPR).
Hans-Joachim Maier commented
Oh yes. I really would love to see that implemented.
Rogé Capaul commented
No valid SSL certificate can be included in the URL of the mailing list.
For the future I recommend to offer a possibility to encrypt the URL using Lets Encrypt for the mailing list login.
You're right, it is currently not supported: https://support.plesk.com/hc/en-us/articles/115002810634
However, given the comment from darkdragen, I agree that the service should be secured the same way as it has been done already for the webmail subdomains.