New Windows server, interfacing with Plesk Onyx 17.8.11
When I connect to server with Plesk, Chrome shouts at me that the connection is not secure. Fine. From Plesk-->Tools & Settings-->Security/SSL/TLS Certificates
From that page, a helpful " + Let's Encrypt" button. Clicking this loads a very promising page:
"Secure Plesk With a Let's Encrypt Certificate"
Two fields, both required: Domain Name (which is helpfully already filled in with by server hostname, in the format s12-345-678-90.secureserver.net). I've changed the server address here, but Plesk is loading the correct one for my server hostname. The other field is an email contact.
This all seems great, and looks and follows exactly the instructions ("Securing Plesk and the Mail Server With a Certificate from Let's Encrypt") provided here: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/securing-plesk/securing-p...
But when I click "Install" (step 5 in that link above), we get a red error message: Authorization for the domain failed, DNS problem: NXDOMAIN looking up A for s12-345-678-90.secureserver.net.
Further adventures on this problem. I have managed to "secure" Plesk and the email server (in my case, the default installed MailEnable). My solution at present feels like a workaround and inadequate.
To get this to work using the process above, I supposedly needed to have a resolvable domain. So I set up the A record of MyAwesomeDomain to point to my VPS server IP, and created a CNAME record I called "server" that points to the A.
So now, in the process I describe above, I replace s12-345-678-90.secureserver.net with server.MyAwesomeDomain.com
Plesk now accepts this, and you can follow the instructions and everything works. You can now access the Plesk admin panel through https (https://server.MyAwesomeDomain.com:8443), your email clients now recognize IMAP STARTTLS as an option for other domains on your VPS, where before only unsecured options were available.
Except. Because you have now tied the email server on your VPS to an SSL certificate that is associated with a particular domain (the only way I could get the instructions to work!), you have what I consider to be an unacceptable problem. Other domains on your server, lets say www.MyAwesomeCustomerABC.com, when they try to setup their domain (and leverage the Let'sEncrypt SSL in the usual way, which I admit works awesomely for their now-https-enabled web pages), quickly discover a serious issue. While they are able to use the email server on your VPS, and secure SSL connections are permitted with it, email clients (like Thunderbird, or the mail app on an iPhone) are going to scream during the setup process that you are attempting to secure an email account through a domain that is using another domain's certificate.
This can't be the way things are done. Where have I gone wrong? Surely when you buy a VPS you can get working, secure SSL email behavior for the various domains on your server without all these shennanigans right out of the box?