- Plesk Onyx for Linux
- Plesk Onyx for Windows
How should DNS be set up for issuing Let’s Encrypt wildcard certificates?
To validate zone ownership when creating a wildcard certificate, the Let's Encrypt extension creates a temporary DNS TXT record like
domain.tld is the name of the zone for which the wildcard certificate is being created.
This means that the Plesk server should be the authoritative nameserver for
There are several scenarios where this is not the case:
DNS for the zone is hosted on a separate in-house DNS server.
If authoritative DNS for the zone is hosted on a separate in-house DNS server, the Slave DNS Manager extension can be used to synchronize that DNS server with Plesk DNS.
DNS for the zone is hosted by a third-party DNS provider.
If authoritative DNS for the zone is hosted by a third-party DNS provider, this can be achieved by adding the following NS record on the authoritative nameserver to delegate the _acme-challenge.domain.tld subzone to Plesk DNS:
_acme-challenge.domain.tld. NS example.com.
domain.tld is the name of the zone for which the wildcard certificate is being created,
example.com is the domain name of the Plesk server.
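
One way to confirm the delegation is in place before requesting the certificate, as an added example that is not part of the original article. The function names `delegation_ok` and `check_live` are hypothetical, the sample record is constructed, and the third argument of `check_live` is the third-party provider's authoritative nameserver, which the operator supplies:

```shell
#!/bin/sh
# Added example (not Plesk's own code): check that _acme-challenge.<zone>
# is delegated only to the Plesk server, using dig-style record lines.

# Lowercase a DNS name and drop the trailing dot so comparisons are stable.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Reads records on stdin in dig's "name TTL class type rdata" layout.
# Succeeds only if at least one NS record exists for _acme-challenge.<zone>
# and every such record points at the Plesk host. A stray extra NS target
# fails the check, because that server could also answer the challenge.
delegation_ok() {
    zone=$(norm "$1"); plesk=$(norm "$2")
    awk -v owner="_acme-challenge.$zone" -v want="$plesk" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        /^;/ || NF < 5 { next }                 # skip comments and short lines
        $4 == "NS" && norm($1) == owner {
            seen++
            if (norm($5) != want) bad++
        }
        END { exit !(seen > 0 && bad == 0) }
    '
}

# Live check: ask the provider's authoritative server without recursion, so
# the referral (authority section) is what gets inspected. Requires dig.
# Usage: check_live domain.tld example.com <provider-nameserver>
check_live() {
    dig +norecurse +noall +answer +authority NS "_acme-challenge.$1" "@$3" |
        delegation_ok "$1" "$2"
}

# Constructed sample of the referral the provider should return.
SAMPLE='_acme-challenge.domain.tld. 3600 IN NS example.com.'
if printf '%s\n' "$SAMPLE" | delegation_ok domain.tld example.com; then
    echo "_acme-challenge.domain.tld is delegated to example.com"
else
    echo "delegation missing or pointing elsewhere"
fi
```

The check is strict on purpose: whoever answers for `_acme-challenge.domain.tld` can pass DNS validation for the zone, so the delegation should list the Plesk server and nothing else.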