- Plesk for Linux
- Plesk for Windows
How to use Let's Encrypt for wildcard certificates in order to secure subdomains like
This feature is available starting from Let's Encrypt 2.6.0.
Log into Plesk
Go to Domains > example.com > Let's Encrypt check the Issue a wildcard SSL/TLS certificate option and click on Install
After clicking the Install button, Let's Encrypt will either add a DNS TXT record on its own (if Plesk server is authoritative DNS for the domain) or will provide with the instructions on how to add this record (if DNS is managed by an external server):
After completing with DNS configuring and the DNS TXT
_acme-challenge.<domain>record resolves properly, click the Continue button to issue the certificate.
This iteration of Let's Encrypt wildcard certificate has several limitations:
A wildcard certificate is only assigned to the main domain.
To apply it to subdomains, go to Hosting Settings of each subdomain and chose the new wildcard Let's Encrypt certificate in the Certificate drop-down menu.
New subdomains do not get the wildcard certificate automatically. It has to be selected for them manually as well.
Wildcard certificates can only be issued manually from the Let's Encrypt screen of a domain. Certificates issued from domain creation screen or with the enabled keep secured option on the service plan will always issue plain (non-wildcard) Let's Encrypt certificates.
Wildcard certificates will not be renewed automatically.
Note: since Let's Encrypt version 2.7.0 expired wildcard certificates are automatically renewed.
These limitations will be fixed in future releases.
Instead of Let's certificates, custom wildcard certificates can be added as usual according to the following article: How to install SSL certificate for a domain in Plesk