Email does not work after I switched from Let's Encrypt SSL to Cloudflare SSL in Plesk

What is the name of the domain?

handmade.group

What is the issue you’re encountering

The email no longer works after I switched from Let's Encrypt SSL to Cloudflare SSL in Plesk.

What steps have you taken to resolve the issue?

I changed and deleted the DNS without any result

What are the steps to reproduce the issue?

Because every 3 months, when the Let's Encrypt certificate expires and a new one is generated, I had to change the DNS in Cloudflare, especially the "_acme-challenge" record, to the new value, I chose to change the certificate and use one from Cloudflare whose lifetime is longer (15 years). Although the switch was quite easy and everything went without problems (I currently use the certificate from Cloudflare), I noticed that I don't receive emails on the site from users who use Gmail, and I can't send automatic order confirmation emails, etc. using PHPMailer. The strange thing is that we receive emails from Yahoo without any problem and we can also send emails using Webmail.

Google’s mta-sts reported to us that:
"organization-name":"Google Inc.","date-range":{"start-datetime":"2024-08-01T00:00:00Z","end-datetime":"2024-08-01T23:59:59Z"},"contact-info":"[email protected]","report-id":"2024-08-01T00:00:00Z_handmade.group","policies":[{"policy":{"policy-type":"sts","policy-string":["version: STSv1","mode: enforce","mx: mail.handmade.group","max_age: 31536000"],"policy-domain":"handmade.group","mx-host":["mail.handmade.group"]},"summary":{"total-successful-session-count":3,"total-failure-session-count":97},"failure-details":[{"result-type":"certificate-not-trusted","sending-mta-ip":"209.85.160.178","receiving-ip":"[ip server]","receiving-mx-hostname":"mail.handmade.group","failed-session-count":1}

I searched all the sources on the internet and I did not find any similar situation. From my experience, I think it’s something related to DNS, but I can’t figure out where the mistake is.

Any idea is welcome. thank you

Screenshot of the error
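As an added illustration (not from the original post, Cloudflare or Plesk), a small Python parser for the SMTP TLS report format quoted above: it reads the policy mode and failure details and flags a policy in enforce mode whose sessions fail, which is what a certificate-not-trusted result against an MX that presents a non-public certificate produces. The sample report is constructed to mirror the one in the thread; the receiving IP is a placeholder.

```python
import json

# Constructed sample in the shape of the report quoted in the thread (RFC 8460 TLSRPT).
# Hostnames and the sending IP follow the thread; the receiving IP is a placeholder.
SAMPLE_REPORT = json.dumps({
    "organization-name": "Google Inc.",
    "date-range": {"start-datetime": "2024-08-01T00:00:00Z",
                   "end-datetime": "2024-08-01T23:59:59Z"},
    "report-id": "2024-08-01T00:00:00Z_handmade.group",
    "policies": [{
        "policy": {"policy-type": "sts",
                   "policy-string": ["version: STSv1", "mode: enforce",
                                     "mx: mail.handmade.group", "max_age: 31536000"],
                   "policy-domain": "handmade.group",
                   "mx-host": ["mail.handmade.group"]},
        "summary": {"total-successful-session-count": 3,
                    "total-failure-session-count": 97},
        "failure-details": [{"result-type": "certificate-not-trusted",
                             "sending-mta-ip": "209.85.160.178",
                             "receiving-ip": "192.0.2.10",  # placeholder (RFC 5737 range)
                             "receiving-mx-hostname": "mail.handmade.group",
                             "failed-session-count": 97}],
    }],
})

def policy_mode(policy):
    """Return the 'mode' value from an MTA-STS policy-string list, or None."""
    for line in policy.get("policy-string", []):
        key, _, value = line.partition(":")
        if key.strip() == "mode":
            return value.strip()
    return None

def analyze_tlsrpt(report_json):
    """Summarise each policy in a report: mode, failure ratio, failures per (MX, reason).
    'blocking' is set when the policy is in enforce mode and sessions failed, because
    in enforce mode the sender refuses delivery rather than falling back to cleartext."""
    report = json.loads(report_json)
    findings = []
    for entry in report.get("policies", []):
        policy, summary = entry.get("policy", {}), entry.get("summary", {})
        ok = summary.get("total-successful-session-count", 0)
        bad = summary.get("total-failure-session-count", 0)
        failures = {}
        for f in entry.get("failure-details", []):
            key = (f.get("receiving-mx-hostname"), f.get("result-type"))
            failures[key] = failures.get(key, 0) + f.get("failed-session-count", 0)
        mode = policy_mode(policy)
        findings.append({"domain": policy.get("policy-domain"), "mode": mode,
                         "failure_ratio": bad / (ok + bad) if ok + bad else 0.0,
                         "failures": failures, "blocking": mode == "enforce" and bad > 0})
    return findings
```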

Cloudflare is not a publicly trusted CA, so any Origin certificate will never work in a public context but only when proxied, which does not work for emails either. You will need to keep using Let’s Encrypt or any other publicly trusted certificate.


This task is not meant to be performed manually. The primary benefit of using an ACME certificate authority is the ability to automate certificate renewal. Focus on automating your Let's Encrypt certificate renewal process and the pain will go away once you have completed that change. The Let's Encrypt Community is a good place to seek assistance with that goal.

You may be right, but I know that every time the value that must be entered in DNS is different, so even though the certificate renews itself automatically, I have to do the rest of the process manually and edit the DNS in Cloudflare.

That’s a fair reason to use an Origin certificate, but it still is not publicly trusted.

You will need to use a certificate issued by a publicly trusted authority with your email. If you want help with Let’s Encrypt certificate automation, the link I shared in my previous reply is a good place to seek it.
