ability to disable Wildcard certificate option in Let's Encrypt
Add ability to disable Wildcard certificate option in Let's Encrypt
Available since Let’s Encrypt Extension 2.8.3.
https://ext.plesk.com/packages/f6847e61-33a7-4104-8dc9-d26a0183a8dd-letsencrypt
“2.8.3 (24 October 2019)
[+] Introduced the allow-wildcard-certificates option (true by default) under the ext-letsencrypt section in the panel.ini file. If set to false, the option hides the feature of issuing wildcard SSL/TLS certificates in the interfaces of the Let’s Encrypt and SSL It! extensions.
Note: For the same purpose, users could earlier use the acme-protocol-version setting with the acme-v01 value. If you have this configuration, we recommend that you start using allow-wildcard-certificates set to false because the ACMEv1 protocol will soon reach end of life."
— rk
-
Plesk Tech Support commented
Move to the bottom of the list/ Hide "Secure the wildcard domain". Most of the customers don't need this option and get confused, because cannot issue the certificate immediately.
So this should be in the most bottom selection (unticked on default) - or even placed under some "special settings" accordion menu
-
Micneon commented
Hello was redesigned think can then be placed on Closed / Started.
https://docs.plesk.com/release-notes/onyx/change-log/
24. Oktober 2019 -
anonymous commented
Can it be possible to be disabled the functionality of using Wildcard while requresting the certificate through SSL it! extension (which makes use of Let's Encrypt one) ?
-
Anonymous commented
many support tickets because wie user external DNS. Please add an option to disable wildcardoption
-
Nils commented
Yes that is creating many unnecessary support requests.
Please create an panel.ini option to disable it. -
Micneon commented
Yes that is creating many unnecessary support requests.
Please create an panel.ini option to disable it. -
Anonymous commented
we also not use the integrated dns and the customers try to issue the wildcard certificate
-
Heiko commented
Hi,
same here - we are using an external service for dns. Plesk can't set the dns-records. -
Patrick commented
hi!
We have the same issue as we are not using the internal dns servers of plesk. BR
-
Heiko commented
We manage the dns-records of our domains not within Plesk. In this case it is not possible to validate the acme-challenge.
-
Bitpalast GmbH commented
We are not using the DNS module in Plesk but manage DNS by other systems. Customers are irritated, because they now see the option which does not work for them. This is creating many unnecessary support requests.
-
Alexander Neck commented
We also would like to have that option - we do not use 'bind'-services on our plesk-servers, so it's not working anyway...
-
Heiko commented
If Plesk DNS is not managing the DNS-Zones, the validation of a wildcard-certificate is not possible.
There are many cases to use a different dns-service for managing the dns-zones.Currently the only way is to use ACMEv1 in panel.ini.
An option in panel.ini would be great to disable the wildcard-option for letsencrypt-certificates. -
Heiko commented
If Plesk is not the primary DNS Server it is not possible to add the required Records to DNS. Without these records it is not possible to issue a wildcard certificate through letsencrypt/acme-v02.
There are many reasons not to use the Plesk DNS ability.In my opinion there is only one simple solution: add an option to panel.ini to disable Let's Encrypt Wildcard Certificates.
Otherwise: Before displaying the checkbox, check the nameservers of the domain. If Plesk is not the primary Nameserver, disable the box.In our case a simple On/Off option should be a solution.
-
Heiko commented
If the dns-records are not managed by Plesk, it is not possible to automate the validation process for letsencrypt wildcard-certificates. In this case, the option for wildcard-certificates only causes an error. There are many cases why people are not using the Plesk DNS ability.
In my opinion: Add an option in panel.ini to disable the wildcard certificate (should be easy) or check the nameservers and disable the option if Plesk is not the primary dns of a domain - but check it, before the option is visible!