Secure Plesk Webmail with SSL

Plesk 12.5 (together with the Let's Encrypt plugin) is a convenient tool that comes with batteries included for most cases. However, webmail is only accessible via SSL with the self-signed certificate by default. Some people suggest patching the config files (which potentially gives problems after updates), but here is a different approach that works with the frontend functionality only.

Imagine, we have the website example.com in plesk 12.5 with webmail enabled. In this case, the default webmail address is webmail.example.com. To offer SSL-protected webmail, follow these steps:
1. Add a new subdomain, e.g. mail.example.com, to plesk.
2. Set its SSL certificate as usual (or using the Let's encrypt plugin)
3. Enable mod_proxy and proxy_http as apache modules.
4. Set the directives for Apache as follows for HTTP (not HTTPS!):

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule "^/.well-known/acme-challenge/.*" - [L]
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

5. Set the directives for Apache as follows for HTTPS:

ProxyRequests Off
ProxyPass / http://webmail.example.com/

You may also like...

6 Responses

  1. moinsen says:

    Thanks! This is a good workaround as long "Lets Encrypt" doesn't support the "static/whatever" webmail.domain.tld DNS record.

    But under 4. It should be HTTP>>S<<

    Sorry for my bad English..

  2. Guido says:

    @moinsen: Thanks for spotting this. Updated.

  3. Leif says:

    Hey,
    I works for me but there aren't any stylesheets because it get's a 404 not found, any ideas?

  4. Akim says:

    Hi. Thank you for sharing.

    I don't understand in step 4 and 5. Where should you put what ? .htaccess in the mail.mydomain.ltd folder ?

    I have created a subdomain mail.mydomain.ltd

    Where is it indicated that any requests to http://mail.mydomain.ltd or https://mail.mydomain.ltd should be redirected to https://webmail.mydomain.ltd ?

    and if you do so anyway, the letsencrypt certificate will be vaild for mail.mydomain.ltd not for webmail.mydomain.ltd. I'm a bit lost here. Can you clarify a bit ?

    • Akim says:

      For instance. I think I found where to put data from 4 and 5. It's in the mail.mydomain.ltd Apache settings page. Correct ?

      I've copied-pasted the directive in your article. Just changed the last line 5 to webmail.mydomain.ltd

      A redirection error.

      then I still need to understand how the redirection is handled.

Leave a Reply

Your email address will not be published.