Issue Let's Encrypt Wildcard (and others) certificate without main domain in SAN (use DNS-01 challenge only)
Currently, the Let's Encrypt Wildcard requires that the main domain be hosted on the Plesk server and pass the HTTP-01 challenge as well as DNS-01 for Let's Encrypt.
However, to issue the wildcard, Let's Encrypt requires only the DNS-01 challenge.
The HTTP-01 limitation is causing the issue, since the main domain is not always hosted on the same server as the subdomains.
This is an exceptionally unfortunate design decision on Plesk's behalf. This means that a domain needs to be moved to the Plesk server BEFORE issuing an SSL cert, which means that either the corresponding website will be down completely until the SSL cert has been issued, or it will be served on HTTP only. Either way, a terrible design decision.
Vincent Lauton commented
See https://letsencrypt.org/docs/challenge-types/ --> DNS-01 challenge
This would make validation easier for certain users and, with official plugins, can support external DNS providers for automatic record creation, as well as making full use of Let's Encrypt's verification options.
1 man hour job to implement + 3 man hours job to test and verify:
Add an optional checkbox (like the ones for securing "www" and "webmail") to "Force DNS-01 verification", maybe under an "Advanced features" section.
Another (easier) option would be to just verify all with the DNS-01 challenge and not use HTTP-01 at all, as there are different occasions where HTTP challenges are problematic.
The Plesk extension uses the http-01 challenge by default, which doesn't work when the website is hosted on a private IP address.
There must be an option to choose the dns-01 challenge as the preferred one. This functionality is currently missing :|
Described in https://tools.ietf.org/html/draft-ietf-acme-acme-06#section-8.4
The problems with mail/webmail/lists subdomains could be obsolete, because a _acme_challenge.lists.domain.tld txt record could be challenged.
So no problems with webroots etc.