Skip to content

I suggest you...

← Feature Suggestions
'DNS Authorisation for Let's Encrypt' has been merged into this idea

Issue Let's Encrypt Wildcard (and others) certificate without main domain in SAN (use DNS-01 challenge only)

Currently the Let's Encrypt Wildcard requires that main domain would be hosted on the Plesk server, and pass the HTTP-01 challenge as well as DNS-01 for Let's Encrypt.
However for issue the Wildcard Let's encrypt require only DNS-01 challenge.
The HTTP-01 limits the causing the issue since not always the main domain is hosted on the same server as the subdomains.

84 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Jan commented  ·   ·  Report

    I host a lot of websites with plesk. Using cloudflare and the domains are hosted trough cloudflare network so the IP address is different to my VPS. This is huge issue for me using plesk... is it possible to get this feature running?

  • Hideki Oride commented  ·   ·  Report

    Why do we need to have the wildcard certificate check HTTP-01 as well, when it should only check DNS-01?

  • Damjan Skerjanc commented  ·   ·  Report

    If we are hosting only mail/webmail on our plesk and want to secure mail services, but the main site is hosted elsewhere ( shopify, ... ), it is quite annoying that this does not work with only DNS-01 challenge, because we have to do it all manually

  • Dimitris Kotsonis commented  ·   ·  Report

    challenge on http-01 makes it impossible to issue certificates (e.g. for email) when the site is hosted on a different ip address than plesk. this is a big problem for us.

  • Moritz Witte commented  ·   ·  Report

    I have another service running under the main SAN, so I cant really renew my certificate without having to switch the DNS record. That is sadly not how DNS-01 should work..

  • goetschiusarchives commented  ·   ·  Report

    HTTP-01 challenge creates a firewall security issue preventing certificate renewal.
    DNS-01 challenge option must be made available.

  • Anonymous commented  ·   ·  Report

    This is an exceptionally unfortunate design decision on Plesk's behalf. This means that a domain needs to be moved to the Plesk server BEFORE issuing an SSL cert, which means that either the corresponding website will be down completely until the SSL cert has been issued, or it will be served on HTTP only. Either way, a terrible design decision.

  • b.pedini commented  ·   ·  Report

    1 man hour job to implement + 3 man hours job to test and verify:
    add an optional checkbox (like the ones for securing "www" and "webmail"), to "Force DNS-01 verification", maybe under an "Advanced features" section.

  • Jan commented  ·   ·  Report

    Another (easier) option would be to just verify all with the DNS-01 challenge and not use HTTP-01 at all as there are different occasians where HTTP challenges are problematic.

  • Kevin commented  ·   ·  Report

    The Plesk extension uses by default http-01 challenge, which doesn't work when the website is hosted on a private IP address.

    The must be an option to choose the dns-01 challenge as proffered one. This functionality is currently missing :|

Feature Suggestions: Web / SSL

Categories

Feedback and Knowledge Base

(thinking…)