- Plesk 12.5
- Plesk Onyx
- Plesk for Linux
- Plesk for Windows
How to use Let's Encrypt for wildcard certificates in order to secure subdomains like
This feature is available starting from Let's Encrypt 2.6.0.
The ability to issue wildcard certificates is disabled by default. This is because Let’s Encrypt requires the new protocol for wildcard certificate requests and the new protocol might not be as stable as the one currently used.
To be able to issue wildcard certificates it is required to add the following rows to the panel.ini file:
Install the "Panel.ini Editor" extension in Plesk: Plesk > Extensions > view all (under Server Tools group) > Panel.ini Editor > Install;
Go to Plesk > Extensions > My Extensions > Panel.ini Editor > Go To Extension > Editor and add this lines to the panel.ini:
acme-directory-url = "https://acme-v02.api.letsencrypt.org/directory"
acme-protocol-version = "acme-v02"
Then, the opportunity to issue a wildcard certificate appears:
After clicking the Install button, Let's Encrypt will either add a DNS TXT record on its own (if Plesk server is authoritative DNS for the domain) or will provide with the instructions on how to add this record (if DNS is managed by an external server):
After completing with DNS configuring and the DNS TXT
_acme-challenge.<domain>record resolves properly, click the Continue button to issue the certificate.
This iteration of Let's Encrypt wildcard certificate has several limitations:
A wildcard certificate is only assigned to the main domain. To apply it to subdomains, go to Hosting Settings of each subdomain and chose the new wildcard Let's Encrypt certificate in the Certificate drop-down menu.
Wildcard certificates can only be issued manually from the Let's Encrypt screen of a domain. Certificates issued from domain creation screen or with the enabled keep secured option on the service plan will always issue plain (non-wildcard) Let's Encrypt certificates.
Wildcard certificates will not be renewed automatically.
Note: since Let's Encrypt version 2.7.0 expired wildcard certificates are automatically renewed.
These limitations will be fixed in future releases.
Instead of Let's certificates, custom wildcard certificates can be added as usual according to the following article: