It would be good as an alternative to Let's Encrypt... imagine if Plesk only allowed you to publish WordPress sites...

...and Alfonso Martínez de Lizarrondo makes a good point... not using Let's Encrypt anymore because of exactly that issue...

When updating wildcard certificates for domains with DNS hosted elsewhere, using ZeroSSL means that I only have to edit DNS once every 90 days.

The new default chain for Let's encrypt in windows seems to leave out Android devices < 7.1, and it doesn't seem that it's easy to configure windows/IIS to serve the alternate chain, so if there's an option to use an alternate ACME certificate provider that doesn't have such problems at the moment it would be huge.

Many thanks BALLOON | FU-SEN for the prompt response.

Frankly, I was unaware of this option by letsencrypt, and when looking into Plesk, I don't see an option to have Plesk use that validation.
It seems on the contrary that Plesk only choses to have domain validation (shown as acronym "DV" with a padlock next to it on website & domains > domainname.com > SSL/TLS Certificates > SSL/TLS Certificate for domainname.com)

Is there a way that I could ask Plesk to automate this validation (on certificate issuance and further renewals)?

FYI, I run PLesk version Obsidian 18.0.37

Thanks

Hmm? Let's encrypt also supports http authentication:
https://letsencrypt.org/docs/challenge-types/

DNS record authentication is required for wildcard certificates, which is also common to ZeroSSL.

The unique benefit of ZeroSSL in this regard is email authentication:
https://zerossl.com/documentation/api/create-certificate/

Hi,

One benefit is on domain verification for certificate issuance.
Letsencrypt requires a DNS acme record.
This can be problematic when Plesk doesn’t manage the domain (for example when the domain is managed at anothe registrar such as google domains).

Zero ssl propose to verify domain with a file on the web server (which Plesk could automate)

So for all users who have their registrar managed outside Plesk, then Zero ssl alternative would prove useful

Hi Alexander,
I have seen this issue encountered on some hosting and web services, regardless of Plesk.

The problem is that the service provides users with a subdomain of the registered domain.
Specifically, the service registers `example.com` and provides the user with `user.example.com`.
Obviously, if this is a server that is popular to some extent, issuing Let's Encrypt will experience rate limiting.
The service source must apply to Let's Encrypt using the form or register it on the Public Suffix List.
This problem is very serious for services that serve subdomains to many users

Again, ZeroSSL doesn't have that limitation.
It is beginning to be recognized as a workaround for this issue with Let's Encrypt.
The benefits of Plesk adopting ZeroSSL should be great.

Hi 🎈 BALLOON | FU-SEN!

Have you already break a limit or near any of the Let's Encrypt limits? Could you please provide a little bit more details about your infrastructure, how many sites/requests, and what exactly limit is reached?

What is the case where do you need to issue 50 certificates per week per domain?

Thank you,
Alexander

There is a rate limit for Let’s Encrypt. It can be a big problem for some services such as hosting:

https://letsencrypt.org/docs/rate-limits/
https://support.plesk.com/hc/en-us/articles/115002143153-Cannot-issue-Let-s-Encrypt-certificate-The-Certificates-per-Registered-Domain-rate-limit-has-been-exceeded

ZeroSSL has no such restrictions.

Let's Encrypt will break compatibility with old Android devices and some systems in september 29, 2021 : https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

Having an alternative would allow users to continue to have free certificates with wider support.

This is a real issue for many editors !