Add the option to remove certain domain names from Let's Encrypt certificates auto-renewal failure (customer's digest) and Let's Encrypt certificates auto-renewal success (customer's digest).

For example, I have domain example.com without "www" part (by design) that is secured with Let's Encrypt certificate for example.com (without "www" part). Plesk sends the notification that the www.example.com could not be secured. With the suggested option it will be possible to switch off such notification for "www" part only so that the regular notification for example.com will be active.

Hello,

Please add functionality for uploading purchased certificates for securing domain aliases.

At the moment domain, aliases always use the certificate for the main domain. This is not suitable if different certificates are used for a domain and an alias.

Let's Encrypt certificates can be issued for aliases, but certificates uploading should also be possible.

Hello, it would be good if Plesk can redirect to https and only after to www when www prefered domain is enabled because when submitting your domain on https://hstspreload.org it gives me this error (I replaced my domain by a fake one obviously)

Let's Encrypt is a fantastic system. It has changed the landscape of SSL certs to the point that DigiCert now offers an ACME API endpoint1. This is currently a beta feature, but this would be invaluable to hosts and webmasters.

Consider a world where the only major concern is, is there active funding for the cert? The rest will be handled by the ACME bot of choice. This removes the possibility of the cert not being added or unavailable to browsers.

It would be very helpful to be able to add additional CA certificates to existing certificates.

For example, in our case, on a domain with Let's Encrypt, it's required to add origin-pull-ca.pem from Cloudflare (https://support.cloudflare.com/hc/en-us/articles/204899617/) but trying to set sslclientcertificate (Nginx) or SSLCACertificateFile (Apache) as additional directives will trigger an error of duplicate syntax.

Therefore, it should be possible to go to Domains > example.com > SSL/TLS Certificates > Click on the certificate > Add more CA-certs

If I have an ALIAS domain example.com, then
webmail.example.com is created, but there is no certificate for it

Please add Mailman support to Let's Encrypt.

Ideally, one could issue either a certificate directly for lists.domain.com or a wildcard certificate for *.domain.com.

Furthermore, a secure connection should be enforceable.

Thanks!

When a disabled domain with a Let's Encrypt certificate is re-activated in one of those situations, Plesk should be able to:

Situation A: Domain is reactivated before reaching certificate's expiration date => Do nothing, and renew the certificate aproaching the set date in the cert itself

Situation B: Domain is reactivated after reaching certificate's expiration date => Plesk should re-order or renew the expired certificate

This is all about security, it's simply not a fully developed product without this facility and I am hugely shocked and surprised it doesn't already exist.

If a domain has SNI disabled from IIS > Site > example.com > Bindings, Plesk reverts it back to Enabled when it pushes changes to IIS.

It would be nice to have an option in the domain's SSL settings to turn ON/OFF SNI and lock it.

Currently, when giving users the ability to access SSL to add their own certificates, they can also view Let's Encrypt and create free certificates. It would be useful to allow users access to add their own certificates without giving them access to use Let's Encrypt and there is currently no way to do this.

Additionally, any users logging in to manage their domains can see Let's Encrypt (although cannot use it) and we keep getting asked about it, so it would be useful to hide this off for users unless they specifically need access.

We have a setup where webmail.example.com and example.com point to another server than our Plesk instance. Because of this we can't enable Let's Encrypt on Webmail since the CSR contains webmail.example.com and example.com.
So I hope you consider adding an option to only create webmail.example.com (without SAN example.com)

SSL Certificate changes are currently not logged in Action Log in any way. Such changes should be logged as they are part of hosting settings.
Yet, they should reflect the certificate details (e.g. "Certificate A was changed to certificate B").

If you have a .pfx file containing Certificate, Private Key and CA certificate, allow to upload that container with one step.

This way, a customer doesnt have to use tools like openssl to extract and convert the certificate themselves.

.pfx is the preferred format on windows plattforms ,e.g. when you export a certificate from another IIS-based server.

At the moment the CN of the wildcard certificate is still domain.com and not *.domain.com. The wildcard is just in the alternative domain names.
Please use the wildcard as the CN

When adding a subdomain, it takes (at least at my webhoster) 15 min before the changes take effect. If one checked 'Secure the domain with Let's Encrypt' on the page 'Add a Subdomain', an error is thrown because the newly created subdomain is not available in time.

Therefore, I suggest taking this 'feature' off the 'Add a Subdomain' page.

By default, the Let's Encrypt extension pre-selects all alias domains of a domain to be included in the Let's Encrypt certificate. This can lead to some unwanted results, for example when one of the alias domains is removed from the DNS at a later stage (because it was only used for testing) which would result in Let's Encrypt being unable to renew the certificate.

It would be nice if there was an option that allows us to configure that alias domains should not be selected by default in the Let's Encrypt extension.