I suggest you ...

← Feature Suggestions

Add ZeroSSL as an alternative to Let's Encrypt

https://zerossl.com now offers 90 days ssl certificates that work with ACME.

It would be nice to be able to choose it as a ssl certificates provider in Plesk.

Probably not too complicated since it relies on same technologies.

7 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Eroan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

9 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Nedry commented  ·   ·  Flag as inappropriate

    When updating wildcard certificates for domains with DNS hosted elsewhere, using ZeroSSL means that I only have to edit DNS once every 90 days.

  • Alfonso Martínez de Lizarrondo commented  ·   ·  Flag as inappropriate

    The new default chain for Let's encrypt in windows seems to leave out Android devices < 7.1, and it doesn't seem that it's easy to configure windows/IIS to serve the alternate chain, so if there's an option to use an alternate ACME certificate provider that doesn't have such problems at the moment it would be huge.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Many thanks BALLOON | FU-SEN for the prompt response.

    Frankly, I was unaware of this option by letsencrypt, and when looking into Plesk, I don't see an option to have Plesk use that validation.
    It seems on the contrary that Plesk only choses to have domain validation (shown as acronym "DV" with a padlock next to it on website & domains > domainname.com > SSL/TLS Certificates > SSL/TLS Certificate for domainname.com)

    Is there a way that I could ask Plesk to automate this validation (on certificate issuance and further renewals)?

    FYI, I run PLesk version Obsidian 18.0.37

    Thanks

  • Anonymous commented  ·   ·  Flag as inappropriate

    Hi,

    One benefit is on domain verification for certificate issuance.
    Letsencrypt requires a DNS acme record.
    This can be problematic when Plesk doesn’t manage the domain (for example when the domain is managed at anothe registrar such as google domains).

    Zero ssl propose to verify domain with a file on the web server (which Plesk could automate)

    So for all users who have their registrar managed outside Plesk, then Zero ssl alternative would prove useful

  • 🎈 BALLOON | FU-SEN commented  ·   ·  Flag as inappropriate

    Hi Alexander,
    I have seen this issue encountered on some hosting and web services, regardless of Plesk.

    The problem is that the service provides users with a subdomain of the registered domain.
    Specifically, the service registers `example.com` and provides the user with `user.example.com`.
    Obviously, if this is a server that is popular to some extent, issuing Let's Encrypt will experience rate limiting.
    The service source must apply to Let's Encrypt using the form or register it on the Public Suffix List.
    This problem is very serious for services that serve subdomains to many users

    Again, ZeroSSL doesn't have that limitation.
    It is beginning to be recognized as a workaround for this issue with Let's Encrypt.
    The benefits of Plesk adopting ZeroSSL should be great.

  • Alexander Yamshanov commented  ·   ·  Flag as inappropriate

    Hi 🎈 BALLOON | FU-SEN!

    Have you already break a limit or near any of the Let's Encrypt limits? Could you please provide a little bit more details about your infrastructure, how many sites/requests, and what exactly limit is reached?

    What is the case where do you need to issue 50 certificates per week per domain?

    Thank you,
    Alexander

  • 🎈 BALLOON | FU-SEN commented  ·   ·  Flag as inappropriate

    There is a rate limit for Let’s Encrypt. It can be a big problem for some services such as hosting:

    https://letsencrypt.org/docs/rate-limits/
    https://support.plesk.com/hc/en-us/articles/115002143153-Cannot-issue-Let-s-Encrypt-certificate-The-Certificates-per-Registered-Domain-rate-limit-has-been-exceeded

    ZeroSSL has no such restrictions.

Feature Suggestions: Web / SSL

Categories

Feedback and Knowledge Base

(thinking…)