Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create cert for webmail #37

Closed
ntimo opened this issue Dec 15, 2015 · 18 comments

Comments

@ntimo
Copy link

@ntimo ntimo commented Dec 15, 2015

Hello,

could you please add support for creating certificates for the webmail subdomain? So we can use the webmail securly.

@EarMaster

This comment has been minimized.

Copy link

@EarMaster EarMaster commented Dec 18, 2015

See #19

@psyopussy

This comment has been minimized.

Copy link

@psyopussy psyopussy commented Apr 14, 2016

@EarMaster, #19 is about SAN's...

anyway,
is there a way to get a cert for the default plesk webmail.mydomein.tld subdomain?

@ankn99

This comment has been minimized.

Copy link

@ankn99 ankn99 commented Jun 22, 2016

I would love to see this too ....

sincerly

@ralerbon

This comment has been minimized.

Copy link

@ralerbon ralerbon commented Jul 19, 2016

I have found a workaround as long as the plugin doesn't support the "real" webmail adress.

http://guido.vonrudorff.de/secure-plesk-webmail-with-ssl/

But on Point .4 it should be HTTPS not HTTP (and the mail.domain.tld was (for me) pre-configured with an A Record for imap and smtp. Have a look on your DNS Template to figured out what of domains are autogeneratet.

I am ashamed for my bad English. ;)

apache

@Liwindo

This comment has been minimized.

Copy link

@Liwindo Liwindo commented Oct 27, 2016

This function is now more important than ever because StartCom will be banned by Mozilla in the near future. So please solve it!

@Ogy

This comment has been minimized.

Copy link

@Ogy Ogy commented Nov 14, 2016

bump

@cutzenfriend

This comment has been minimized.

Copy link

@cutzenfriend cutzenfriend commented Nov 17, 2016

Bump!! This is needed so badly...

@discostur

This comment has been minimized.

Copy link

@discostur discostur commented Nov 24, 2016

Shouldn't be too tricky, or? Just pass an additional subdomain to the letsencrypt-api:

webmail.domain.tld

@tofuSCHNITZEL

This comment has been minimized.

Copy link

@tofuSCHNITZEL tofuSCHNITZEL commented Dec 4, 2016

There already is an option to include www. as a SAN so I propose the following:
For Plesk Onyx (because only in Plesk Onyx you can set a custom cert for webmail) display following option below the "Include www... as an alternative domain name"
[checkbox] Include webmail. as an alternative domain name.
this will make an additional plesk letsencrypt API call analogue to adding the www SAN
if possible it could automatically set the certificate to be used under Mail Settings->SSL/TLS certificate for webmail

unfortunately the files you get from ext.plesk.com are encrypted so I cannot add the changes myself. And without seeing the code used to call the python scripts I cannot add the code for the webmail SAN to my fork of this repo.

@Liwindo

This comment has been minimized.

Copy link

@Liwindo Liwindo commented Dec 6, 2016

Seems they don't want to implement this feature. Would be interesting to know why...

@Ogy

This comment has been minimized.

Copy link

@Ogy Ogy commented Dec 6, 2016

it is not a good idea to have one certificate with a lot of alternatives names
maybe letsencrypt even doesn't support it for security reasons

What they should implement is auto generated ssl for address from MX record and other generic services

+1 for user-defined

@StAn187

This comment has been minimized.

Copy link

@StAn187 StAn187 commented Dec 6, 2016

Looks like the implemented this in Version 17. I now can assign a certificate by letsencrypt to my mailserver.

Edit: Not webmail, mail server (for imaps, smtps), sorry for the confusion I should read the thread title more carefully next time. :-|

@MaxMcBurn

This comment has been minimized.

Copy link

@MaxMcBurn MaxMcBurn commented Jan 17, 2017

+1

@Ogy

This comment has been minimized.

Copy link

@Ogy Ogy commented Mar 2, 2017

@StAn187 Hi, can you, please, tell me a short howto? I still see only include www.@ and automaticaly it doesn't request certificate for webmail.@
[root@plesk ~]# cat /etc/plesk-release
17.0.17 cos7.build1700161028.14

@popothemes

This comment has been minimized.

Copy link

@popothemes popothemes commented Mar 4, 2017

Hello

I am using
[root@plesk ~]# cat /etc/plesk-release
17.0.17 cos7.build1700161028.14

I tried to create certificate with this command
sudo -u psaadm bash /usr/local/psa/admin/plib/modules/letsencrypt/scripts/le-run -d domain.com -d www.domain.com -d webmail.domain.com -d mail.domain.com -d imap.domain.com -d smtp.domain.com

But unfortunate no luck for webmail certification creation its got with following error

[root@server ~]# sudo -u psaadm bash /usr/local/psa/admin/plib/modules/letsencrypt/scripts/le-run -d domain.com -d www.domain.com -d webmail.domain.com -d mail.domain.com -d imap.domain.com -d smtp.domain.com
Warning: Current locale is unusable. Using 'C' instead.

[2017-03-04 15:41:24] ERR [extension/letsencrypt] Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com
http-01 challenge for webmail.domain.com
http-01 challenge for mail.domain.com
http-01 challenge for imap.domain.com
http-01 challenge for smtp.domain.com
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Cleaning up challenges
Site "webmail.domain.com" get failure: Site does not exist
Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com
http-01 challenge for webmail.domain.com
http-01 challenge for mail.domain.com
http-01 challenge for imap.domain.com
http-01 challenge for smtp.domain.com
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Cleaning up challenges
Site "webmail.domain.com" get failure: Site does not exist

exit status 1
[root@server ~]#

@ctron

This comment has been minimized.

Copy link

@ctron ctron commented Mar 18, 2017

Is there any update on this issue?

@BitElysium

This comment has been minimized.

Copy link

@BitElysium BitElysium commented Mar 25, 2017

They are dragging their but behind the short bus to fix this!

@xgin

This comment has been minimized.

Copy link
Member

@xgin xgin commented May 18, 2017

It is possible to secure webmail with the extension version 2.1.0
Plesk Onyx is minimal required version for the feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.