Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to allow HTTPS and configure an SSL certificate on a domain in Plesk which has Hosting Type set as Forwarding in Domains > example.com > Hosting Settings?
Answer
Warning: Currently, it's possible to secure a forwarding domain only when Nginx is installed and enabled on the server. For details check the following article
To secure a domain with Forwarding hosting type with an SSL certificate perform the following:
- Check if the Common Challenge directory is enabled on the server:

      # plesk ext sslit --common-challenge-dir -info
      - Available: true
      - Enabled: false

  If the output of the command is as above, execute the next command to enable the Common Challenge directory:

      # plesk ext sslit --common-challenge-dir -enable

- Go to Domains > example.com > SSL/TLS Certificates, where example.com is a domain with hosting type Forwarding, and install a Let's Encrypt certificate or a certificate from a third-party certificate authority.
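The check-then-enable step above can be scripted so that it is safe to re-run. This is an added example, not Plesk's own code: the function names `classify_ccd` and `ensure_ccd` are hypothetical, and it assumes the `-info` output has the `Available:` / `Enabled:` form shown in this article.

```shell
#!/bin/sh
# Added example (not Plesk code). Assumes the status text has the
# "Available: <bool>" / "Enabled: <bool>" form shown in the article.

# classify_ccd: read the output of
#   plesk ext sslit --common-challenge-dir -info
# on stdin and print one of: enabled | needs-enable | unavailable | unknown
classify_ccd() {
    awk '
        { sub(/^[ \t-]+/, "") }   # tolerate a leading "- " or indentation
        tolower($1) == "available:" { avail = tolower($2) }
        tolower($1) == "enabled:"   { enab  = tolower($2) }
        END {
            if (avail == "" || enab == "") print "unknown"
            else if (enab == "true")       print "enabled"
            else if (avail == "true")      print "needs-enable"
            else                           print "unavailable"
        }'
}

# ensure_ccd: enable the Common Challenge directory only when the server
# reports it as available and not yet enabled; otherwise change nothing.
ensure_ccd() {
    state=$(plesk ext sslit --common-challenge-dir -info | classify_ccd)
    case "$state" in
        enabled)
            echo "Common Challenge directory is already enabled" ;;
        needs-enable)
            plesk ext sslit --common-challenge-dir -enable ;;
        *)
            # Unexpected or negative status: stop instead of guessing.
            echo "Common Challenge directory state: $state" >&2
            return 1 ;;
    esac
}

# Run the change only when explicitly requested: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_ccd
fi
```

Run it as root with `--apply` on the Plesk server; without the argument the script only defines the functions.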
Comments
9 comments
How can I make LetsEncrypt work for the forwarding domain?
When I try to renew the certificate, I get an error, because /.well-known/acme-challenge gets also forwarded. How can this directory be excluded?
I've created a uservoice for this issue :
https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/44559471-ssl-cert-for-a-domain-with-301-302-redirect
Hi, @Rodrigo Marcos!
Thank you for the feedback.
I have double-checked that and can confirm that no additional adjustments for Let's Encrypt are required, all Let's Encrypt directives are already included in case the latest version of the extension is in use.
That is the reason for the "duplicate location" error.
I have removed extra directives from the article.
Hi,
Same problem here.
Configuración de nginx inválida: nginx: [emerg] duplicate location "/.well-known/acme-challenge/" in /var/www/vhosts/system/pertegaz.es/conf/vhost_nginx.conf:1 nginx: configuration file /etc/nginx/nginx.conf test failed
Please, if it is possible, edit the article and include specific instructions to solve that error.
Thank you,
The gentleman up above is right, this solution simply won't work. The NGINX instructions are wrong regarding Let's Encrypt.
On Onyx 17.5, we get this when entering this NGINX snippet in Plesk:
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
}
We obtain: Invalid nginx configuration: nginx: [emerg] duplicate location "/.well-known/acme-challenge/" in /var/www/vhosts/system/(DOMAIN NAME)/conf/vhost_nginx.conf:1 nginx: configuration file /etc/nginx/nginx.conf test failed
For Let's Encrypt to work, the /.well-known/acme-challenge NEEDS to be excluded from the redirection, or else it just redirects to the other site, and the challenge file cannot be read and validated by Let's Encrypt.
Could you please provide us with a proper way to exclude that folder from the redirect, so that Let's Encrypt can both issue and renew the certificate properly?
Thanks in advance
Exactly Atramhasis's scenario. On renew, Let's Encrypt expects the challenge to be on the domain that is forwarded to. But that domain is outside our control.
Let's Encrypt should - despite the domain forwarding - still use the challenge on the domain that is being forwarded.
Hello @Tristan,
The example of such exclusion may be found here.
Hello TomBob,
I just checked the resolution on Plesk Onyx 17.8 #MU 70 with Let’s Encrypt version 2.8.2-529: indeed, when redirect is enabled, the extension is trying to assign the certificate to the domain forwarded to. This is how it works for now. To avoid any confusion, I removed the workaround from the article. Currently there is no workaround for that case and I suggest you vote for implementing such a feature and share your ideas with our developers.
Hello @Atramhasis, it is required to secure the domain to which the forwarding domain is redirected.
The directory /.well-known/acme-challenge should not be excluded as its content is required for Let's Encrypt extension to issue the certificate.
Use this article to resolve the issue.