www alias, subdomains are not included into the issued wildcard Let's Encrypt Certificate

Symptoms

A wildcard certificate is issued for example.com with 'secure www' option enabled. alias.com, subdomain.example.com are added to the list of issued certificates.

On opening https://www.alias.com, a warning about incorrect certificate is shown, for example:

PLESK_WARN: HSTS warning - incorrect cert

Cause

"www" of domain alias and subdomain are not added to SANs list and therefore are not secured by Wildcard certificate. This is Let's Encrypt extension bug with ID EXTLETSENC-568 which is planned to be fixed in future updates.

Resolution

As a workaround:

1. Go to "Plesk > Domains > example.com > Let's Encrypt" and issue a wildcard certificate _without_ including the aliases. As a result, a certificate which secures "example.com" and " * .example.com" will be obtained.
2. Go to "Plesk > Domains > example.com > SSL/TLS Certificates > Lets Encrypt example.com" and rename it to the other one, e.g. to "Wildcard example.com". Press the "Rename" button.
3. Go to "Plesk > Domains > example.com > Let's Encrypt" and issue an ordinary (non-wildcard) certificate with marked "Include a "www" subdomain for the domain and each selected alias" and "Secure webmail on this domain" checkboxes and added all aliases to the right-side list. As a result, will be obtained a certificate for "example.com", "www.example.com", "alias.com", "www.alias.com", etc aliases.
4. Go to  "Plesk > Domains > one.example.com > Hosting Settings" and select a "Wildcard example.com (one.example.com)"certificate. Repeat this step for each subdomain.