It would be grate to have an opportunity to add hsts to the webmail via Plesk UI on Windows

Separate error log for Let's Encrypt and SSLIt! would facilitate panel.log analysis a lot. Now panel.log is flooded with LE and SSLIt errors.

Automate the SSL certificate renewal process using Sectigo certificates.

So far, the process of renew a Sectigo SSL certificate on Plesk is the following:

1. First generate a private key and CSR.

2. Then we use the Sectigo portal to obtain a signed certificate.

   1. Then an admin has to manually place the certificate in the right location and restart the service.

Do this every 12 months, maybe with tens or thousands of domains can be strenuous work.

Sectigo, like Let's Encrypt, offers the ACME protocol

It might be possible to modify Let's Encrypt plugin parameters to accomodate it for Sectigo ACME.

Can we get a button to manually reissue SSLs for all domains and subdomains?

I had a few issues in the past year because SSLs didn't automatically renew which made me lose hours with support tickets.

I would prefer to hit the button "Reissue SSL for domains" once every 60 days over relying that everything will just work automatically.

When the new domain is created and when the option 'Keep websites secured with free SSL Certificate' is enabled on a service plan level as per: https://support.plesk.com/hc/en-us/articles/115001575134, the certificate is not automatically selected in Domains > example.com > SSL/TLS Certificates for mail, only for 'webmail'.

Add the feature (e.g. CLI utility) to count the certificates that are currently installed on the server with displaying their types and secured components (e.g. wildcard, webmail etc.)

List of SSL Expiry date in domains list, and make it sortable so we can target domains with close expiry.

Currently, it is only possible to automatically renew certificates issued by Let's Encrypt. Certificates from other CA's have to be updated manually even if they support ACME protocol, so it would be useful to have a module that could renew all certificates.

When in Hosting Settings setting the Preferred Domain to anything but "None" and enabling "Permanent SEO-safe 301 redirect from HTTP to HTTPS" Plesk will redirect every request in one go.

For example, I configure my domain to redirect HTTP to HTTPS and to prefer the absence of "www". When I now request "http://www.example.com/" it will be redirected to "https://example.com/" in one single redirect. According to the Dutch Web application guidelines the server should first redirect to HTTPS and only then redirect to either include or exclude the www subdomain. (see attachment, taken from https://en.internet.nl/)

The Dutch web application guidelines (https://www.ncsc.nl/documenten/publicaties/2019/mei/01/ict-beveiligingsrichtlijnen-voor-webapplicaties) prescribe a minimun max-age of one year (max-age=31536000). The default in the SSL-IT! plugin is 6 months. There is no option for one year, but there is an option for two years.

I would like to be able to set the default value and add custom values to choose from. I would also very much appreciate to be able to set those through the CLI.

The issued certificate should be also available for selecting in Domains > subdomain.name > Mail Settings > SSL/TLS certificate for mail

Hi,

I think the preview urls is a really useful feature, but they have a limitation in which they cannot be secured.

Being able to secure these urls with a wildcard certificate from Lets Encrypt would be hugely beneficial when developing.

An example would be when developing with certain APIs such as HTML5 Geolocation API.

Thanks

It will be good if Plesk can implement automatically applied wildcard let's encrypt option by default.

When creating a default server certificate within "Tools & Settings > SSL/TLS Certificates" it appears for all domains created, even those domains which doesn't match with the server certificate name.

Implementing a feature at "SSL/TLS Certificates" to avoid displaying the default server certificate for customers within "Domain > example.com > Hosting Settings > Security" can avoid having a customer use a certificate which doesn't match with their domain.

When reissuing Let's Encrypt certificate for wildcard subdomain(*.example.com) Nginx is restarted, which causes downtime depending on the number of websites. For example, if the server hosts around 4000 domains this can cause 15 seconds downtime for each restart.

The suggestion is to reload the Nginx service and not to restart it.

Currently, Plesk only provides the option to include a single domain on a Certificate Signing Request (CSR): https://support.plesk.com/hc/en-us/articles/213939845

According to our business needs, we need to issue a CSR with alternative subject names, we need to include multiple domains on this CSR so we can issue a SAN certificate, but Plesk doesn't have such functionality.

Now when it is possible to install Let's Encrypt on domain It should be possible to install Let's Encrypt certificate on domain with forwarding type on Plesk for Windows too

Add the option to remove certain domain names from Let's Encrypt certificates auto-renewal failure (customer's digest) and Let's Encrypt certificates auto-renewal success (customer's digest).

For example, I have domain example.com without "www" part (by design) that is secured with Let's Encrypt certificate for example.com (without "www" part). Plesk sends the notification that the www.example.com could not be secured. With the suggested option it will be possible to switch off such notification for "www" part only so that the regular notification for example.com will be active.

Hello,

Please add functionality for uploading purchased certificates for securing domain aliases.

At the moment domain, aliases always use the certificate for the main domain. This is not suitable if different certificates are used for a domain and an alias.

Let's Encrypt certificates can be issued for aliases, but certificates uploading should also be possible.