When enabling HSTS with the new SSL It! Extension (https://www.plesk.com/extensions/sslit/), this is also applied to mailman interface, but since it uses an invalid certificate this site is no longer reachable!

>We will consider this functionality in upcoming releases if it will be popular.
How can this be a question at all?
GDPR/DSGVO requires https if there is any exchange of personal data via the web.

Absolutely necessary !

this is essential

As mailman can't be used in an GDPR compliant fashion without https:// , this is mandatory.
I am surprised that this needs explanation at all.

I don't understand why list subdomain cannot be covered by Let's Encrypt as for example webmail. Nowaday it's almost obligatory. Best Regards

Since mailman is broken when using HTTPS redirect with Letsencrypt on the main subscription domain, I would kindly ask you to fix this or remove the mailman feature completely.

I would like to see list.domainname.com to becovered by the Let's Encrypt extension of Plesk.

I agree this is essential for the mailing-list sign-up forms and admin forms. ALL web browsers are now issuing warnings when you attempt to fill in a form over a non HTTPS connection. This will definitely limit people signing up to mailing lists from the default signup forms.
Again a big lose c/f Cpanel here!

With Google Chrome supposedly "warning" people whenever they load an insecure site starting in July 2018, this would seem to be a must...

I agree with H. Dolderer, this is a must for current systems - also given that in certain combinations of using SSL for Plesk and the corresponding website, it is otherwise impossible to access the admin interface right now!
Also, looking at the implementation effort, this should almost be zero since the same has been done for the webmail system already. Thus, it is disappointing to read a statement like "we might eventually implement this at some point (> 10 years...?) in the future"...

Mailing lists (lists.domain.tld) administration is currently not secured by SSL certificates. Support for SSL/TLS and Let's Encrypt would be helpful for protecting personal data (email addresses) of users.

I think this is no question of voting. It's a must have for customers in Europe to use mailman in a legal manner since May 25.2018. General Data Protection Regulation in Europe doesn't allow to transfer personal data unsecured over the internet. (Art. 5 lit f. GDPR).

Oh yes. I really would love to see that implemented.

No valid SSL certificate can be included in the URL of the mailing list.
For the future I recommend to offer a possibility to encrypt the URL using Lets Encrypt for the mailing list login.

You're right, it is currently not supported: https://support.plesk.com/hc/en-us/articles/115002810634

However, given the comment from darkdragen, I agree that the service should be secured the same way as it has been done already for the webmail subdomains.

This could be done in the process of supporting custom certificates for webmail interface:
https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/5946390-add-management-of-webmail-ssl-certificates

As far as I'm informed it is currently not possible to secure the mailman Webinterface with multiple domain specific Certs. (e.g. on a shared server: list.domain1.tld, list.domain2.tld, ...).

Would it be possible to add this in the near future?