**Securing Plesk and the Mail Server with SSL/TLS Certificates**

SSL/TLS certificates protect sensitive data by encrypting connections between clients and servers. During Plesk installation, both Plesk and the mail server are typically secured with a free SSL/TLS certificate from Let’s Encrypt. If this automatic process fails, you can manually secure both Plesk and the mail server using either a Let’s Encrypt certificate, a certificate from another certificate authority, or a self-signed certificate.

**Securing with Let’s Encrypt**

Let’s Encrypt provides free SSL/TLS certificates. To manually secure Plesk and the mail server with a Let’s Encrypt certificate:

1. **Ensure the Let’s Encrypt Extension is Installed**

   - Go to **Tools & Settings > SSL/TLS Certificates** (under "Security").

2. **Issue the Let’s Encrypt Certificate**

   - Click **+ Let’s Encrypt**.

   - Verify the email address for notifications.

   - Click **Reissue**.

   The Let’s Encrypt certificate will secure Plesk automatically.

3. **Secure the Mail Server**

   - Click the **[Change]** link next to “Certificate for securing mail”.

   - Select **Let’s Encrypt certificate (server pool)** from the drop-down list and click **OK**.

   Both Plesk and the mail server are now secured with the Let’s Encrypt certificate.

**Securing with a Certificate from Other Certificate Authorities**

If Let’s Encrypt is not used, you can secure Plesk and the mail server with a certificate from another certificate authority:

1. **Add a New Certificate**

   - Go to **Tools & Settings > SSL/TLS Certificates** (under "Security") and click **+ Add**.

   - Fill in the required fields, particularly:

     - **Certificate name**: Provide a recognizable name.

     - **Bits**: Use the default value (4096) for security.

     - **Domain name**: Ensure it matches the server hostname.

   - Click **Request**.

2. **Generate and Submit CSR**

   - Copy the CSR from **List of certificates in server pool**.

   - Visit the certificate authority’s website, paste the CSR, and complete the certificate ordering process. Save the received SSL/TLS certificate.

3. **Upload and Apply the Certificate**

   - Go back to **Tools & Settings > SSL/TLS Certificates**.

   - Click **Choose file** under “Upload the certificate here”, select the .crt file, and click **Upload Certificate**.

   - Secure Plesk by clicking **[Change]** next to “Certificate for securing Plesk” and selecting the uploaded certificate.

   - Repeat the process for “Certificate for securing mail”.

**Securing with a Self-Signed Certificate**

A self-signed certificate can be used if Let’s Encrypt or a certificate authority is not an option:

1. **Add a Self-Signed Certificate**

   - Go to **Tools & Settings > SSL/TLS Certificates** (under "Security") and click **+ Add**.

   - Fill in the required fields:

     - **Certificate name**: Provide a recognizable name.

     - **Bits**: Use the default value (4096).

     - **Domain name**: Ensure it matches the server hostname.

   - Click **Self-Signed** to generate the certificate.

2. **Apply the Self-Signed Certificate**

   - Secure Plesk by clicking **[Change]** next to “Certificate for securing Plesk” and selecting the self-signed certificate.

   - Repeat the process for “Certificate for securing mail”.

**Important Note**: After securing the mail server with any SSL/TLS certificate, access mail using the domain name of the Plesk server or a domain with an individual SSL/TLS certificate. This helps avoid issues with mail client verification and ensures proper mail functionality.