Please add Mailman support to Let's Encrypt.

Ideally, one could issue either a certificate directly for lists.domain.com or a wildcard certificate for *.domain.com.

Furthermore, a secure connection should be enforceable.

Thanks!

We have a setup where webmail.example.com and example.com point to another server than our Plesk instance. Because of this we can't enable Let's Encrypt on Webmail since the CSR contains webmail.example.com and example.com.
So I hope you consider adding an option to only create webmail.example.com (without SAN example.com)

This is all about security, it's simply not a fully developed product without this facility and I am hugely shocked and surprised it doesn't already exist.

It will be good if Plesk can implement automatically applied wildcard let's encrypt option by default.

Hello,

Please add functionality for uploading purchased certificates for securing domain aliases.

At the moment domain, aliases always use the certificate for the main domain. This is not suitable if different certificates are used for a domain and an alias.

Let's Encrypt certificates can be issued for aliases, but certificates uploading should also be possible.

If a domain has SNI disabled from IIS > Site > example.com > Bindings, Plesk reverts it back to Enabled when it pushes changes to IIS.

It would be nice to have an option in the domain's SSL settings to turn ON/OFF SNI and lock it.

If you have a .pfx file containing Certificate, Private Key and CA certificate, allow to upload that container with one step.

This way, a customer doesnt have to use tools like openssl to extract and convert the certificate themselves.

.pfx is the preferred format on windows plattforms ,e.g. when you export a certificate from another IIS-based server.

SSL Certificate changes are currently not logged in Action Log in any way. Such changes should be logged as they are part of hosting settings.
Yet, they should reflect the certificate details (e.g. "Certificate A was changed to certificate B").

Currently, Plesk only provides the option to include a single domain on a Certificate Signing Request (CSR): https://support.plesk.com/hc/en-us/articles/213939845

According to our business needs, we need to issue a CSR with alternative subject names, we need to include multiple domains on this CSR so we can issue a SAN certificate, but Plesk doesn't have such functionality.

Add the option to remove certain domain names from Let's Encrypt certificates auto-renewal failure (customer's digest) and Let's Encrypt certificates auto-renewal success (customer's digest).

For example, I have domain example.com without "www" part (by design) that is secured with Let's Encrypt certificate for example.com (without "www" part). Plesk sends the notification that the www.example.com could not be secured. With the suggested option it will be possible to switch off such notification for "www" part only so that the regular notification for example.com will be active.

Can we get a button to manually reissue SSLs for all domains and subdomains?

I had a few issues in the past year because SSLs didn't automatically renew which made me lose hours with support tickets.

I would prefer to hit the button "Reissue SSL for domains" once every 60 days over relying that everything will just work automatically.

Hi,

I think the preview urls is a really useful feature, but they have a limitation in which they cannot be secured.

Being able to secure these urls with a wildcard certificate from Lets Encrypt would be hugely beneficial when developing.

An example would be when developing with certain APIs such as HTML5 Geolocation API.

Thanks

When the new domain is created and when the option 'Keep websites secured with free SSL Certificate' is enabled on a service plan level as per: https://support.plesk.com/hc/en-us/articles/115001575134, the certificate is not automatically selected in Domains > example.com > SSL/TLS Certificates for mail, only for 'webmail'.

Currently, it is only possible to automatically renew certificates issued by Let's Encrypt. Certificates from other CA's have to be updated manually even if they support ACME protocol, so it would be useful to have a module that could renew all certificates.

List of SSL Expiry date in domains list, and make it sortable so we can target domains with close expiry.

When reissuing Let's Encrypt certificate for wildcard subdomain(*.example.com) Nginx is restarted, which causes downtime depending on the number of websites. For example, if the server hosts around 4000 domains this can cause 15 seconds downtime for each restart.

The suggestion is to reload the Nginx service and not to restart it.

It would be very helpful to be able to add additional CA certificates to existing certificates.

For example, in our case, on a domain with Let's Encrypt, it's required to add origin-pull-ca.pem from Cloudflare (https://support.cloudflare.com/hc/en-us/articles/204899617/) but trying to set sslclientcertificate (Nginx) or SSLCACertificateFile (Apache) as additional directives will trigger an error of duplicate syntax.

Therefore, it should be possible to go to Domains > example.com > SSL/TLS Certificates > Click on the certificate > Add more CA-certs

When a disabled domain with a Let's Encrypt certificate is re-activated in one of those situations, Plesk should be able to:

Situation A: Domain is reactivated before reaching certificate's expiration date => Do nothing, and renew the certificate aproaching the set date in the cert itself

Situation B: Domain is reactivated after reaching certificate's expiration date => Plesk should re-order or renew the expired certificate

At the moment the CN of the wildcard certificate is still domain.com and not *.domain.com. The wildcard is just in the alternative domain names.
Please use the wildcard as the CN

Issuing Let's Encrypt certificates for mail.domain.tld (to secure SMTP POP IMAP) without web-hosting enabled on the main domain. At this way, Plesk can provide only mail services.