Add possibility issue Let's Encrypt SSL certificate for mail server when the "A" DNS record for domain is pointing to another server
This feature is required for users with the configuration when on the Plesk only mail server for domain is used.
"A" DNS record for mail.example.com is pointing to Plesk server, when when "A" record for example.com is pointing to another server.
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG
-
Ángel Leiva commented
This is absolutely essential. Configuring domains solely for email services on Plesk can be quite cumbersome. To maintain SSL certificates, you have to create subdomains like "mail.domain.com", and the renewal process sometimes fails, which complicates things further.
-
Josh commented
cPanel has been able to do this for years using DNS challenges. Now, trying to migrate all of our clients to Plesk is becoming a challenge. We don't have a huge amount of email only clients but our resellers do, we'll definitely hear it from them.
This has been a request on this site since beginning of 2020, so over 4 years ago. Since every browser and email program requires SSLs, why hasn't this moved up the list yet?
Very frustrating, this should be a critical feature to be implemented...
-
Anonymous commented
Now that Mailman3 is supported on Debian 12, can you also add the ability for adding a Let's Encrypt SSL certificate for the list subdomain when the domain is not pointing to the Plesk server?
-
Andreas Schnederle-Wagner commented
I've made a small Script to work around this issue. Should be pretty self explanatory and easily adjustable to custom needs - hope it helps some of you as Plesk isn't going to fix anything soon as it seems ... 🙄
https://github.com/futureweb/Plesk-Postfix-SNI-TLS-Cert-Fixer
-
Moein Alinaghian commented
This function is critical for us and probably a reason to move to cPanel.
Here is my temporary solution for it:
https://gitlab.com/nixoeen/plesk-mail-sni -
FutureX commented
Is this a joke? This makes no sense that this problem persists!
That means we can't sell 'email only' accounts?!
-
Anonymous commented
Yes will be usefull
-
Benoît commented
It would also be useful to be able to create a certificate for mail.example.com when the "Hosting Type" option is set to "No Hosting" (whereas the domain points or not to the server)
It would be just as creating a certificate for "webmail.example.com" works now, I guess ?
-
Iceman commented
So this was posted FOUR years ago and the basic functionality does not exist, still?
But I'm confused. What is Plesk saying in these docs then about the subdomain of "mail" being secured...
https://docs.plesk.com/en-US/obsidian/customer-guide/websites-and-domains/securing-connections-with-ssltls-certificates/protecting-webmail-and-mail-with-ssltls-certificates.76531/Specifically the section - "3 Assigning an SSL/TLS certificate to Mail for a Domain"
Am I completely missing something?... or is the Plesk documentation incorrect?
Cheers.
-
Lukáš Bauer commented
Lets do it! CRITICAL
-
Michael Mussulis commented
Can you please qualify "popular" please? This is an old feature, reported in 2019, and still BADLY required today in 2024. I have had this problem with the mail server using a subdomain like "mail.somedomain.com" and LE can not cope with it. Halfway through my email stops working.
This is a CRITICAL requirement, and should not be treated as a would be nice feature request. You are providing SSL certificates support through LE for securing the website and other components, but this functionality is incomplete because it is not designed to cope with subdomains in zones managed externally.
-
Ángel Leiva commented
CRITICAL!
-
Paul Cameron commented
I echo the comments below. Like with Hover and OpenSRS who also provide mail hosting, they DO NOT require A records for example.com to point to their servers hosting mail.example.com
-
Yeshourun commented
Unacceptable that this isn't a feature yet. Not only is it completely necessary, as is clear by the comments and votes, this shouldn't be a popularity competition for a feature that is so essential to the normal functioning of a server. Anyone with more than 2 hosting clients will have clients that just want mail while their root A record is pointed elsewhere. I'm incredibly disappointed with Plesk's lukewarm response to this crucial security feature.
-
Frederik Vedel commented
How is this not a thing yet ...
-
TomBob commented
yes, yes, yes, PLEASE
+3
-
Mister Domain commented
A must-have feature, as Plesk did with the separated certificate for webmail long time ago, but for "mail" is more crucial.
-
Markus Brecher commented
This feature needs to be prioritized. It fills a crucial gap in functionality and aligns perfectly with user needs and industry trends, as mails are commonly hosted on different servers. The status quo renders plesk difficult to use for mails.
-
wurzenrainer commented
This feature is more then cruical for us! Please listen too the users and add this feature already...
-
Florian Mitterer commented
This holds great importance for us as this particular configuration is utilized by numerous domains belonging to our SAAS CMS Customers. Additionally, we also host mail-only packages from Plesk. However, we have encountered an issue where Let's Encrypt is not available for the mail.example.com domain since no website is provisioned for it. While Let's Encrypt is available for webmail.example.com, using it with imaps/smtps as the hostname results in a mismatched certificate warning for end users. This discrepancy seems to be a bug in the SSL IT extension, rather than a simple feature request.
This is a must functionality.