Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to allow HTTPS and configure an SSL certificate on a domain in Plesk which has Hosting Type set as Forwarding in Domains > example.com > Hosting Settings?
Answer
Warning: Currently on a Linux server, it's possible to secure a forwarding domain only when Nginx is installed and enabled on the server.
To secure a domain with the Forwarding hosting type with an SSL certificate perform the following (commands are the same for Linux SSH terminal and Windows CMD):
-
Check if the Common Challenge directory is enabled on the server.
If the output of the command is as below:# plesk ext sslit --common-challenge-dir -info
- Available: true
- Enabled: falseExecute the next command to enable the Common Challenge directory:
# plesk ext sslit --common-challenge-dir -enable
-
Go to Domains > example.com > SSL/TLS Certificates where
example.com
is a domain with hosting type Forwarding and install a Let's Encrypt or the certificate from 3rd party certificate authorities.To secure a Forwarding hosting type domain with a free Let's Encrypt certificate via CLIuse the below command:
# plesk ext sslit --certificate -issue -domain example.com -registrationEmail jdoe@example.com -secure-domain
Where:
- example.com is the name of the domain with Forwarding hosting type.
- jdoe@example.com is the email address.
-
-secure-domain is the option for securing the domain name. For other available options check
plesk ext sslit --help
.
Comments
9 comments
How to do step 4 via CLI? Executing the below command on a forwarding domain results in an error:
Hello,
This behavior was confirmed as a bug with ID EXTLETSENC-1210. Thank you for bringing this to our attention! Until the bug is fixed, please consider issuing certificates for domains with Forwarding hosting type in Plesk interface, not via CLI.
Thanks @...!
want it working on windows ;-)
Hello,
It is possible to secure domains with a Forwarding Hosting type on both Linux and Windows installations. Just make sure that the Common Challenge directory is enabled on the server.
Thank you, I wasn't aware about the Common Challenge DIrectory.
I tried with wildcard let's encrypt certificate (thinking it will use the DNS method) but no ; The authorization token is not available at blabla/.well-known/acme-challenge/
Same thing for the other options (domain name, www, webmail, pop/smtp).
With "plesk ext sslit --common-challenge-dir -info" I saw - Available: true - Enabled: true
I repair it with https://bobcares.com/blog/misconfiguration-of-the-common-challenge-directory/ and now it works !
Any update regarding EXTLETSENC-1210 ? Would love to be able to automate the deployment of Let's Encrypt for domains with Forwarding hosting type.
Hello,
There is no exact ETA for this bug for now. You may consider using the GUI solution from the article instead.
Alternatively, create a subscription 'example.com', create the second domain on this subscription ('example.net'), and select 'Forwarding' hosting type for it during creation. It will be possible to secure this second domain with the below command:
Regarding the warning that this works only with NGINX server.
I can confirm that at least on windows it works with IIS.
The Common Challenge directory must be enabled.
Please sign in to leave a comment.