Articles in this section

Does Plesk support DANE and TLSA?

Aleksandar Stoev
Updated
Plesk for Windows kb: how-to Plesk for Linux

Question

Does Plesk support DANE (DNS-based Authentication of Named Entities)?
Can I create a TLSA record in Plesk?

Answer

Starting from Plesk Obsidian 18.0.54, Plesk added the ability to add Transport Layer Security Authentication (TLSA) DNS records to domains’ DNS zones in Plesk. Such records are most commonly used to implement DNS-based Authentication of Named Entities (DANE) and Plesk supports it.

Issue Certificates with DANE Support via CLI

To enable issuing SSL certificates with DANE support via the CLI::

  1. Open the Plesk panel.ini file for editing.

  2. Add the following lines:

    CONFIG_TEXT: [ext-sslit]
    allowIssueDaneCertificatesInCLI = true

 

Example usage:

  1. Connect to the server via SSH.

  2. Create a certificate and a pending order with DANE DNS records for mail security:

    # plesk ext sslit --certificate -issue -domain -registrationEmail -secure-domain -secure-mail -dane

  3. Issue the certificate:

    # plesk ext sslit --certificate -issue -domain -continue

Was this article helpful?

Comments

2 comments
Date Votes
  • Avatar
    Omer Golgeli

    And how do we enable this for all existing domains?

    Any config pointers for panel.ini?

    0
  • Avatar
    Gianluca Del Bianco

    It's possible to disable DANE and not have the relevant checkbox in Let's Encrytpy activation? Via panel.ini?

    1

Please sign in to leave a comment.