On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

 How to install wildcard certificates in Plesk with Let's Encrypt?

Follow

Comments

46 comments

  • Avatar
    Nico Dorn

    Hallo,

    geht das denn jetzt wie oben beschrieben? Erstellung WildCard-Zertifikat? Ich habe wie oben beschrieben auf v2 umgestellt, bekomme aber dennoch nicht die Möglichkeit zur WildCard-Erstellung?

    0
    Comment actions Permalink
  • Avatar
    Kalin T. (Edited )

    Hi @Ivan, @Nikita,

    I have registered a domain name and I'm trying to issue a wildcard certificate for a website hosted on a private IP using the Plesk Let's Encrypt plugin. Plesk also does not manage the DNS for the domain, I'm using 3rd party name servers. So in my case the http-01 and tls-01 challenges won't work for me. This is why I'm trying to issue the certificate using the dns-01 challenge.

    I have enabled the ACMEv2 protocol in panel.ini and I do see now the option to issue wildcard certificate, but after I click Install, the plugin doesn't show me the page with the required TXT record and instructions (like in the 2nd screenshot of this help article). The plugin directly does a dns lookup and therefore the dns-01 challenge fails.

    Please advise if I'm missing something or there is an issue/bug in the Let's Encrypt plugin.

    I have followed the instructions in the two help articles below:

    1. Getting Free Wildcard SSL/TLS Certificates from Let's Encrypt: https://docs.plesk.com/en-US/onyx/administrator-guide/website-management/websites-and-domains/advanced-website-security/securing-connections-with-ssltls-certificates/getting-free-wildcard-ssltls-certificates-from-let%E2%80%99s-encrypt.79603/

    2. Is it possible to use Let's Encrypt for wildcard certificates?: https://support.plesk.com/hc/en-us/articles/115000490174

     

    The error that I'm getting from Plesk is:

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for XXXXXXX.training.

    Please make sure that your domain is correct and the DNS A record(s) for that domain
    contain(s) the right IP address.
    Details
    Invalid response from
    Details:
    Type: urn:ietf:params:acme:error:unknownHost
    Status: 400
    Detail: No valid IP addresses found for XXXXXXX.training


    identifier  
    type "dns"
    value "XXXXXXX.training"
    status "invalid"
    expires "2018-11-01T10:48:20Z"
    challenges  
    0  
    type "http-01"
    status "invalid"
    error  
    type "urn:ietf:params:acme:error:unknownHost"
    detail "No valid IP addresses found for XXXXXXX.training"
    status 400
    url "
    token "N9SCpFVCSrvxe3gxZr1Pk6Mg1WI0IsBuVFk1pJQPwx8"
    validationRecord  
    0  
    url "http://XXXXXXX.training/.well-known/acme-challenge/N9SCpFVCSrvxe3gxZr1Pk6Mg1WI0IsBuVFk1pJQPwx8"
    hostname "XXXXXXX.training"
    port "80"
    1  
    type "dns-01"
    status "invalid"
    url  
    token "x6dM7J9F3mXnaZYzNirNgu9A42BL7-A1mvPF2nVJiTg"
    2  
    type "tls-alpn-01"
    status "invalid"
    url  
    token "V57HqhatLnWVgLVvDw_imheOEB5TgnOx4MSKW4u3_Nw"

    I would appreciate your immediate attention to this matter.

    0
    Comment actions Permalink
  • Avatar
    Gianluca

    Hello, it's possibile to execute the "Reload" function of this page via CLI instead to wait for Plesk to check the existence of the TXT record?

    0
    Comment actions Permalink
  • Avatar
    Jeffrey Tanuwidjaja

    Is there an update on this?

     
    0
    Comment actions Permalink
  • Avatar
    JB

    I have installed a wildcard certificate successfully as per the instructions, but the certificate is not appearing in the drop down under the Hosting Settings of subdomains.

    0
    Comment actions Permalink
  • Avatar
    Alexandr Tumanov

    @Mark, as it previously stated, it is planned within one month. There is no exact date. Just keep an eye on Plesk extension updates.

    0
    Comment actions Permalink
  • Avatar
    Luis Zubeldia

    Same problem that have @Dave Kramer 

    i need to automatically assign wildcard SSL to my subdomains.

    there is not any solution for this????

     

    0
    Comment actions Permalink
  • Avatar
    Giuseppe Passanisi

    i noticed that with wildcard LE it doesn't generate the www subdomain for alias.

    Is there a way to fix that?

    0
    Comment actions Permalink
  • Avatar
    Alexandr Redikultsev

    Hi @Jacques Hien,

    The issue is still not fixed, but as far as I know, it is not in the backlog and the work is ingoing. Please, subscribe to the following article to be notified when it will be fixed: https://support.plesk.com/hc/en-us/articles/360011442113

    0
    Comment actions Permalink
  • Avatar
    Alexandr Tumanov

    @Hisham, the update will be for Let's Encrypt extension that should be compatible with all Onyx versions, but I cannot guarantee this.

    Therefore, I suggest you upgrading your server up to 17.8

    0
    Comment actions Permalink
  • Avatar
    Jacques Hien

    It's really annoying that since 3months there is no Fix for such an important feature

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    @Julius Huitema,

    Hello! Unfortunately, we don't have such information :( The implementation of the feature requires a careful testing. It is hard to say for sure how much time it will take.

    I suggest to "Follow" this article to be notified as soon as the new information is available.

    0
    Comment actions Permalink
  • Avatar
    Arnaud

    Great news ! Thanks for having taken this into account in short term roadmap !

    - Arnaud

    0
    Comment actions Permalink
  • Avatar
    Alexandr Redikultsev

    Hello, @Kalin T.

    The error message you are providing (Detail: No valid IP addresses found for ... ) is actually returned not by the plugin, but by Let's Encrypt itself.

    Usually it means that Let's Encrypt was not able to get an IP address of XXXXXXX.training.

    Issuing wildcard certificates works in the following manner:

    1. example.com -- http-01

    2. *.example.com -- dns-01

    So http-01 challenge should be passed. However, as far as I understand, XXXXXXX.training has some local IP globally like 10.51.*... and Let's Encrypt just could not get there.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Gunnar,

    Thank you for the feedback. Indeed, currently, the required certificate needs to be chosen manually (the steps are provided in the documentation and in this article).

    The limitations are expected to be resolved in future updates.

    -1
    Comment actions Permalink
  • Avatar
    Alexandr Tumanov

    @Chris,

    Yes, we have plans to add the support of wildcards certificates. However, as for now, Plesk Let's Encrypt extension has few limitations that do not allow it to support wildcard certificates. Currently, we cannot provide any ETA.

    -2
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request