Symptoms
-
Let's Encrypt SSL certificate securing mail has been renewed on the Plesk server.
- Mail server name is specified correctly in settings of mail client (iOS mail and MacOS mail). It matches the server name in the certificate at Plesk > Tools & Settings > SSL/TLS Certificates > Certificate for securing mail.
-
Mail users with iOS / MacOS devices cannot access mail after certificate renewal on Plesk server. The following error appears in UI:
Cannot Verify Server Identity
Settings cannot verify the identity of "mail.example.com". Would you like to continue anyway?
-
In iOS / MacOS mail client there is no "Trust" button on "Details" screen in the upper-right corner.
Cause
iOS / MacOS issue: system does not allow the user to "trust" a SSL/TLS certificate after renewal
Resolution
There are two possible solutions:
Solution 1. Recreate mail accounts devices
- Remove mail account from iOS / MacOS device.
- Re-create email account on iOS / MacOS device.
Solution 2. Manually install and allow using required SSL certificates from device settings:
- Get the certificate. The certificate can be exported from the browser to a .cer file:
- Press F12 > Security > View certificate.
- On the new opened window go to the Details tab and click on Copy file.
- It will open the export wizard. Click on Next.
- Select "DER binary coded X.509 (.CER)" and click Next.
- Select a name for the file and click Next
- Review the information and click on Finish
- Upload the .cer file on iOS device through email, Safari browser or File Sharing and install it by clicking/tapping on the uploaded file.
- Set up the email account.
- If more information is needed on the certificate, it can be found in: Settings > General > Profile.
Note: Interfaces on different versions of iOS / MacOS may vary.
with