Question
Is it possible to secure the mail server mail.example.com
with Let's Encrypt SSL certificate when the A record for example.com
is pointing to another server?
Answer
Since versions 1.16.0 of the SSL It! extension and 3.2.9 for the Let's Encrypt extension for Plesk were released (14 January 2025), it is possible to secure only the mail.example.com
, if example.com
is pointed to another server IP via its DNS A record, however that can only happen after you change the hosting type of the domain on the side of Plesk to No web hosting.
Once the change of hosting type is made, you would be able to secure the mail subdomain only:
If you cannot change the hosting type of your domain to No web hosting for some reason, you may instead apply one of the following workarounds:
Click on a section to expand
Use an SSL certificate from another SSL vendor
As an alternative, you may purchase an SSL certificate from another SSL vendor (not Let's Encrypt) and install it for your domain by using it while following the steps in this article:
How to install an SSL certificate from 3rd party certificate authorities for a domain in Plesk?
Afterwards, you should set up the SSL to be using for Mail purposes by using the steps on this page of the Plesk Obsidian documentation:
Protecting Webmail and Mail with SSL/TLS Certificates | Plesk Obsidian documentation
Create the mail. subdomain in Plesk separately and secure it with another Let's Encrypt SSL
Warning: Settings certificate for mail from different domain is temporary solution. Each Let's Encrypt certificate renewal will delete old certificate and new certificate will be issued. Due to that old certificate on example.com will be unchecked. So each Let's Encrypt certificate renewal requires to assign certificate on domain manually or with script again.
- Create a separate web hosting enabled subdomain mail.example.com
- Go to Domains > mail.example.com > Dashboard > SSL/TLS Certificates
- Issue a new and separate Let's Encrypt SSL certificate for this subdomain
- Go to Domains > example.com > Mail > Mail Settings
- Set the SSL/TLS certificate for mail to Let's Encrypt mail.example.com
- Press Apply
Note: In case example.com has no web hosting, it's necessary to create a new separate Subscription for the subdomain mail.example.com.