Secure Plesk Webmail

Here’s how I install SSL certificates for Horde and Roundcube bundled with Plesk 12.0.18 to remove chain issues, and keep the certificate in scope of Plesk backups.


Firstly, install your webmail certificate in…

And then go to…

Get the file names for the webmail certificate and CA certificate and make a custom horde and roundcube template (paths to follow) adding the following directives.


Apache files (horde.php and roundcube.php)

Nginx File (nginxWebmailPartial.php)

I do this because the CA directives are missing from the default Apache2 templates.


Templates are located here..

copy the above files to

and then edit the files..


You need to find and replace the SSL directive/s in the template files and replace with the ones above.

horde.php line 83, and roundcube.php line 86


nginxWebmailPartial.php, there’s a big chunk you need to remove, lines 10 to 26 (in your file)…

Becomes something like…

You can see I have also added ssl_session_cache in there along with HSTS, OCSP, dhparam and ECDH Curve.
Now regenerate the conf files with…

Your webmail will now be properly secured and you won’t get any chain issues when testing your site at ssllabs.

Please note CentOS paths are different. The psa folder is located in /usr/local/.

Thanks for reading, I am working on formatting this article better so you can copy and paste directives like previous guides, unfortunately the code tags wouldn’t wrap the above php sections.