Symptoms
-
When trying to connect to a mailbox on a Plesk server using SSL/TLS (POP3S on port 993 or IMAPS on port 465) the connection is not established
-
The error below can be found in the file
/var/log/maillog:dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=XXX.XXX.XXX.XXX, TLS: SSL_read failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<kdjKIaiqCyC/t2TL>
Cause
The SSL certificate securing the mail server at Tools & Settings > SSL/TLS certificates is different from the mailbox that is being configured.
Note: SNI support is not available to the Postfix mail server on Plesk Onyx, more details here.
Resolution
Plesk Onyx
Upgrade Plesk server from Onyx to Obsidian, since Plesk Obsidian has SNI support.
Note: In case update to Plesk Obsidian is not possible, the domain, in which SSL certificate is protecting mail server in Tools & Settings > SSL/TLS certificates, should be configured as mail server address on the mail client software (Outlook, Thunderbird, etc.).
Plesk Obsidian
Secure mail on the domain by using the instructions from the article below:
How to assign a SSL certificate per domain to secure the mail server in Plesk (SNI support)
with