Skip to content

I suggest you...

← Feature Suggestions

Issue Let's Encrypt Wildcard (and others) certificate without main domain in SAN (use DNS-01 challenge only)

Currently the Let's Encrypt Wildcard requires that main domain would be hosted on the Plesk server, and pass the HTTP-01 challenge as well as DNS-01 for Let's Encrypt.
However for issue the Wildcard Let's encrypt require only DNS-01 challenge.
The HTTP-01 limits the causing the issue since not always the main domain is hosted on the same server as the subdomains.

66 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Report

    This is an exceptionally unfortunate design decision on Plesk's behalf. This means that a domain needs to be moved to the Plesk server BEFORE issuing an SSL cert, which means that either the corresponding website will be down completely until the SSL cert has been issued, or it will be served on HTTP only. Either way, a terrible design decision.

  • b.pedini commented  ·   ·  Report

    1 man hour job to implement + 3 man hours job to test and verify:
    add an optional checkbox (like the ones for securing "www" and "webmail"), to "Force DNS-01 verification", maybe under an "Advanced features" section.

  • Jan commented  ·   ·  Report

    Another (easier) option would be to just verify all with the DNS-01 challenge and not use HTTP-01 at all as there are different occasians where HTTP challenges are problematic.

  • Kevin commented  ·   ·  Report

    The Plesk extension uses by default http-01 challenge, which doesn't work when the website is hosted on a private IP address.

    The must be an option to choose the dns-01 challenge as proffered one. This functionality is currently missing :|

Feature Suggestions: Web / SSL

Categories

Feedback and Knowledge Base

(thinking…)