Let’s encrypt fails to secure webmail, when webmail is hosted on other server: Missed domain names failed to pass validation: webmail.example.com

Symptoms

• The following mail is received:

  Could not secure domains of John Doe (login admin) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
   
   Securing of the following domains has failed:
   
   'example.com'
   Missed domain names failed to pass validation: webmail.example.com

• Webmail is hosted on a different server than Plesk

  # host webmail.example.com
   example.com has address 203.0.113.2
   # host example.com
   webmail.example.com has address 203.0.113.3

• Secure webmail on domain option is not selected for the SSL certificate issuing.

• Webmail enabled for the domain in Domains > example.com > Mail Settings > webmail > Horde or Roundcube.

• In Plesk under Domains > example.com > SSL/TLS Certificate the option Keep websites secured​ is enabled.

Cause

This is Expect behavior. When option Keep websites secured​ is enabled it secures webmail as well, if webmail is enabled no matter where this webmail is hosted. The message should be more descriptive which is acknowledged in our system with ID EXTLETSENC-496

Resolution

Until a feature is released apply the following workaround:

1. Log into Plesk
2. Navigate to Domains > example.com > Mail Settings:
3. Set Webmail to None:
   
   
4. Click on OK