Articles in this section

See more

 How to install wildcard certificates in Plesk with Let's Encrypt?

Avatar
Anton Kuznetsov
Updated
Plesk for Windows Plesk for Linux ext: le ABT: Group B kb: auxiliary

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to use Let's Encrypt for wildcard certificates in order to secure subdomains like sub1.example.com, sub2.example.com, etc.?

Answer

Wildcard certificates could be installed using the following procedure:

  1. Log in to Plesk

  2. Go to Domains > example.com > SSL/TLS Certificates > Install a free basic certificate provided by Let's Encrypt > Choose the Secure the wildcard domain option > Click Get it free to renew it:
    mceclip0.png

    mceclip0.png

After clicking the Install button, Let's Encrypt will either add a DNS TXT record on its own (if Plesk server is authoritative DNS for the domain) or will provide with the instructions on how to add this record (if DNS is managed by an external server):

mceclip1.png

After completing with DNS configuring and the DNS TXT _acme-challenge.<domain> record resolves properly, click the Continue button to issue the certificate.

Note: This iteration of Let's Encrypt wildcard certificate has several limitations:

  • A wildcard certificate is only assigned to the main domain.
    To apply it to subdomains, go to Hosting Settings of each subdomain and chose the new wildcard Let's Encrypt certificate in the Certificate drop-down menu.
    1.png

  • New subdomains do not get the wildcard certificate automatically. It has to be selected for them manually as well.

  • Wildcard certificates can only be issued manually from the Let's Encrypt screen of a domain. Certificates issued from domain creation screen or with the enabled keep secured option on the service plan will always issue plain (non-wildcard) Let's Encrypt certificates.

  • Wildcard certificates will not be renewed automatically if the DNS zone is managed by an external DNS server.

Comments

4 comments

Sort by Date Votes
  • Avatar
    Gravu Trad

    no more let's encrypt option? i don't find anywhere now (i'm on last plesk)

    0
  • Avatar
    Anton Kuznetsov

    Hello Gravu Trad, 

    Let's Encrypt should work. Please check in you have SSL It! and/or Let's Encrypt extensions installed.

    0
  • Avatar
    Oskari Malkki

    Hi, Plesk Obsidian 18.0.69 doesn't provide let's encrypt or  SSLIt functionality on wildcard domains anymore! Renewed in february but now the functionality is compeletely missing. If I manually navigate to where it should be ..:8443/modules/sslit/index.php/index/certificate/id/11 I'm redirected to home with error message “Error: Domain *… is a wildcard. SslIt extension is not available”. 

    0
  • Avatar
    Anton Kuznetsov

    Hello Oskari Malkki,

    This article is not about how to issue a Let's Encrypt certificate to a wildcard domain (*.example.com). It is about how to issue a wildcard certificate (containing *.example.com in SAN field) to a domain example.com in Plesk. If you want to secure *.example.com subdomain, you need to issue a wildcard certificate to a main domain (example.com) according to this article, and then apply this certificate to the wildcard subdomain in Plesk.

    0

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles