How to install wildcard certificates in Plesk with Let's Encrypt?

Follow

Comments

43 comments

  • Avatar
    JB

    @Konstantin

    Thanks for your reply. The issue I am having is that the wildcard certificate doesn't appear in the drop down menu for the subdomain as in your example.  The only certificate that appears is 'Lets Encrypt sub3.example.com (sub3.example.com)' which is the previous certificate (not wildcard) created for that subdomain.

    If I create a new subdomain then the wildcard certificate is available so it seems that this issue only effects existing subdomains.

    Any further advice would be much appreciated.

    Thank you 

     

    0
    Comment actions Permalink
  • Avatar
    Alexandr Redikultsev

    Hi @JB,

    Are you sure that affected sub-domains are actually a sub-domains in terms of business logic or its just a domains that are called like a sub-domains? You can easily understand that by checking whether or not sub-domain has mail settings tab (as there is not mail service for the true sub-domains, not yet at least).

    But in all the cases you can just try to fix relation in the database as described here: https://support.plesk.com/hc/en-us/articles/360000247373-Unable-to-select-a-wildcard-SSL-certificate-for-a-subdomain-in-Plesk-SSL-certificate-is-not-available-for-selection 

    1
    Comment actions Permalink
  • Avatar
    JUSTIN BUCKLEY

    So I have a situation where a client has created a wildcard subdomain in Plesk, *.domain.com, for a particular web app. This site hosts user profiles with the URL format 'user.domain.com'. I created a wildcard cert per the intructions above, but I'm unable to select it in the hosting setting for the wildcard domain. Also, the Let's Encrypt cert and shortcut is missing altogether for this wildcard subdomain too. 

    Is it possible to use the Let's Encrypt wildcard in this scenario, or another way to configure it? Thanks!

     

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    @Justin, yes, it is possible. I tested that and may confirm. Could you please confirm that:

    1. You issued wildcard for domain.com

    2. *.domain.com created inside the same subscription as a subdomain.

    3. Also, do you use please Linux or Windows?

    0
    Comment actions Permalink
  • Avatar
    Giuseppe Passanisi

    i noticed that with wildcard LE it doesn't generate the www subdomain for alias.

    Is there a way to fix that?

    0
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin (Edited )

    Hi @Giuseppe Passanisi!

    "www" of domain alias and subdomain are not added to SANs list and therefore are not secured by Wildcard certificate. This is Let's Encrypt extension bug with ID EXTLETSENC-568 which is planned to be fixed in future updates.

    The workaround is described here:

    www alias, subdomains are not included into the issued wildcard Let's Encrypt Certificate

    2
    Comment actions Permalink
  • Avatar
    Jan Bludau

    Thank you for help :-)

    0
    Comment actions Permalink
  • Avatar
    Dave Kramer

    I have a domain setup with a wildcard SSL with Lets Encrypt.  Whenever I create a new subdomain (using Plesk API) the subdomain is created with the certificate in the dropdown as "Not Selected".  I can still select the correct wildcard Certificate from the dropdown, but this manual process defeats the purpose of the automation provided by the Plesk API integration that I have made.

    This behavior also occurs when I manually create a subdomain in the Plesk control panel.

    I have run the following query: plesk db "SELECT * FROM domains WHERE name like '%example.com'";

    and the cert_rep_id remains the same regardless of how I change the dropdown called "Certificate"

    How can I get the wildcard certificate to automatically be selected after a new subdomain is created?

     

    1
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin

    Hello @Dave Kramer,

    Yes, the wildcard certificate has to be selected manually for the existing and newly created subdomains

    It is one of the limitations

    Please also note that it is not possible to automate this process by using Plesk tools

    I added a note to the article in order to make this point more clear

    0
    Comment actions Permalink
  • Avatar
    Luis Zubeldia

    Same problem that have @Dave Kramer 

    i need to automatically assign wildcard SSL to my subdomains.

    there is not any solution for this????

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Luis,

    The comment from my colleague Nikita is still actual.

    As soon as there'll be any changes in the configuration for subdomains logic, the article will be updated.

    0
    Comment actions Permalink
  • Avatar
    Fouad Ahmed Fouad

    Can't issue SSL based on acme-v02, my panel.ini contains,

    [ext-letsencrypt]
    acme-directory-url = "https://acme-v02.api.letsencrypt.org/directory"
    acme-protocol-version = "acme-v02"

    Restarted Plesk and tried many times, still it insists to use web site challenge and not DNS, what should I do?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Fouad Ahmed Fouad

    The option "acme-protocol-version = "acme-v02" allows getting wildcard certificates as they're obtained via DNS-challenge only.

    Regular certificates by design are issued the same way as in acme-v01.

    More information may be found here: https://docs.plesk.com/en-US/obsidian/administrator-guide/78586/

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request