Please add Mailman support to Let's Encrypt.

Ideally, one could issue either a certificate directly for lists.domain.com or a wildcard certificate for *.domain.com.

Furthermore, a secure connection should be enforceable.

Thanks!

We have a setup where webmail.example.com and example.com point to another server than our Plesk instance. Because of this we can't enable Let's Encrypt on Webmail since the CSR contains webmail.example.com and example.com.
So I hope you consider adding an option to only create webmail.example.com (without SAN example.com)

This is all about security, it's simply not a fully developed product without this facility and I am hugely shocked and surprised it doesn't already exist.

Currently, when giving users the ability to access SSL to add their own certificates, they can also view Let's Encrypt and create free certificates. It would be useful to allow users access to add their own certificates without giving them access to use Let's Encrypt and there is currently no way to do this.

Additionally, any users logging in to manage their domains can see Let's Encrypt (although cannot use it) and we keep getting asked about it, so it would be useful to hide this off for users unless they specifically need access.

Currently the Let's Encrypt Wildcard requires that main domain would be hosted on the Plesk server, and pass the HTTP-01 challenge as well as DNS-01 for Let's Encrypt.
However for issue the Wildcard Let's encrypt require only DNS-01 challenge.
The HTTP-01 limits the causing the issue since not always the main domain is hosted on the same server as the subdomains.

Currently, it is impossible to secure the webmail for the alias.
Please allow the possibility to issue Let's Encrypt SSL for the wbmail of the domain alias.

SSL Certificate changes are currently not logged in Action Log in any way. Such changes should be logged as they are part of hosting settings.
Yet, they should reflect the certificate details (e.g. "Certificate A was changed to certificate B").

If you have a .pfx file containing Certificate, Private Key and CA certificate, allow to upload that container with one step.

This way, a customer doesnt have to use tools like openssl to extract and convert the certificate themselves.

.pfx is the preferred format on windows plattforms ,e.g. when you export a certificate from another IIS-based server.

If a domain has SNI disabled from IIS > Site > example.com > Bindings, Plesk reverts it back to Enabled when it pushes changes to IIS.

It would be nice to have an option in the domain's SSL settings to turn ON/OFF SNI and lock it.

At the moment the CN of the wildcard certificate is still domain.com and not *.domain.com. The wildcard is just in the alternative domain names.
Please use the wildcard as the CN

The Plesk extension uses by default http-01 challenge, which doesn't work when the website is hosted on a private IP address.

The must be an option to choose the dns-01 challenge as proffered one. This functionality is currently missing :|

I would like to be able to acquire SSL certificate of Let's Encrypt for subdomain of www.
For example
If example.com is another server, SSL certificate of www.example.com can not be acquired by Let's encrypt
I want you to be able to do it.

When a disabled domain with a Let's Encrypt certificate is re-activated in one of those situations, Plesk should be able to:

Situation A: Domain is reactivated before reaching certificate's expiration date => Do nothing, and renew the certificate aproaching the set date in the cert itself

Situation B: Domain is reactivated after reaching certificate's expiration date => Plesk should re-order or renew the expired certificate

When a new sub domain is created it does not inherit the Let's Encrypt certificate issued for the main domain. Domains > subdomain.example.com > Hosting Settings > Certificate shows as None selected.

If the main domain has the option "Issue a wildcard SSL/TLS certificate" enabled, this certificate could be easily assigned to the new sub domain on creation instead of having to go to subdomain > Hosting settings and selecting it manually.

When adding a subdomain, it takes (at least at my webhoster) 15 min before the changes take effect. If one checked 'Secure the domain with Let's Encrypt' on the page 'Add a Subdomain', an error is thrown because the newly created subdomain is not available in time.

Therefore, I suggest taking this 'feature' off the 'Add a Subdomain' page.

By default, the Let's Encrypt extension pre-selects all alias domains of a domain to be included in the Let's Encrypt certificate. This can lead to some unwanted results, for example when one of the alias domains is removed from the DNS at a later stage (because it was only used for testing) which would result in Let's Encrypt being unable to renew the certificate.

It would be nice if there was an option that allows us to configure that alias domains should _not_ be selected by default in the Let's Encrypt extension.