Knowledge Base

How to secure a Plesk mail server with an SSL certificate (Let’s Encrypt / other certificate authorities)

Question

How to secure a Plesk mail server with an SSL certificate from Let's Encrypt or other certificate authorities?

Answer

Note: After configuring an SSL certificate for a Plesk mail server, use the domain name from this SSL certificate, when connecting to the Plesk mail server. Advise your customers to do the same. For details, see this KB article.

Alternatively, secure mail server with an SSL certificate for each domain separately.

Securing a Plesk mail server with a free Let's Encrypt certificate

Log in to Plesk.
Once installed, go to Tools & Settings > SSL/TLS Certificates (under Security).
Click Let's Encrypt.

Note: If the Let's Encrypt extension is not installed, install it from Plesk Extensions catalog.
Make sure the Domain name and Email address fields contain a valid information:
- Domain name will be used as an incoming and outgoing mail server when setting up an email account in a mail client. This domain must point to your Plesk server.
- Email address will be used to receive important notifications and warnings.
Click Install. At this stage, an SSL certificate from Let’s Encrypt is generated and set to secure Plesk on port 8443 automatically. This certificate will be auto-renewed every 90 days.
Now, to secure a Plesk mail server, click [Change] next to Certificate for securing mail.
In the drop-down list, select Lets Encrypt certificate (server pool) and click OK. Here is the final look:

Securing a Plesk mail server with an SSL certificate from other certificate authorities

Log in to Plesk.
Go to Tools & Settings and click SSL/TLS Certificates.
On the SSL/TLS Certificates page, add your certificate:

Warning: Make sure to include the CA certificate in the certificate chain to avoid errors when connecting with the mail clients.

Note: If you are experiencing issues with a certificate installation, contact your certificate seller and ask for instruction for Plesk.
- If an SSL certificate is stored in a single *.crt file:
  
  Click Browse... to select a certificate file. Then click Upload Certificate.
- If an SSL certificate is stored in the form of *.key and *.crt files:
  
  Click Add under List of certificates in server pool and scroll down to the Upload the certificate files section and upload these files. If both the certificate and the private key parts of your certificate are contained in a *.pem file (you can check it by opening the *.pem file in any text editor), just upload it twice, both as the private key and the certificate. Click Upload Certificate once finished.
- If an SSL certificate is stored as a text:
  
  Click Add under List of certificates in server pool and scroll down to the Upload the certificate as text section. There, paste the certificate and the private key parts into the corresponding fields. Click Upload Certificate when you have finished.
Click [Change] next to Certificate for securing mail > select an uploaded certificate > click OK. Now mail server is secured with an SSL certificate.