Knowledge Base

 How to install wildcard certificates in Plesk with Let’s Encrypt?

 
applications extensionssslupdatestlstechnical questions

Question

How to use Let’s Encrypt for wildcard certificates in order to secure subdomains like sub1.example.com, sub2.example.com, etc.?

Answer

This feature is available starting from Let’s Encrypt 2.6.0 and it can be done through one of the following methods:

Click on a section to expand

SSL It! extension is installed

 

  1. Log in to Plesk

  1. Go to Domains > example.com > SSL/TLS Certificates > Issue Certificate > Choose the Secure the wildcard domain option > Click Get it free to renew it:

    mceclip0.png

After clicking the Install button, Let’s Encrypt will either add a DNS TXT record on its own (if Plesk server is authoritative DNS for the domain) or will provide with the instructions on how to add this record (if DNS is managed by an external server):

mceclip1.png

After completing with DNS configuring and the DNS TXT _acme-challenge.<domain> record resolves properly, click the Continue button to issue the certificate.

Let’s Encrypt extension is installed

  1. Log in to Plesk.

  2. Go to Domains > example.com > Let’s Encrypt check the Issue a wildcard SSL/TLS certificate option and click on Install

    Screenshot.png

    After clicking the Install button, Let’s Encrypt will either add a DNS TXT record on its own (if Plesk server is authoritative DNS for the domain) or will provide with the instructions on how to add this record (if DNS is managed by an external server):

    Screenshot_2.png

    Note: On Windows, if Bind DNS server is used, the record should be added manually under Domains > example.com > DNS Settings. Such certificates will also not be renewed automatically. This behavior has been registered as a bug and will be fixed in one of the future product updates.

    After completing with DNS configuring and the DNS TXT _acme-challenge.<domain> record resolves properly, click the Continue button to issue the certificate

This iteration of Let’s Encrypt wildcard certificate has several limitations:

  • A wildcard certificate is only assigned to the main domain.

    To apply it to subdomains, go to Hosting Settings of each subdomain and chose the new wildcard Let’s Encrypt certificate in the Certificate drop-down menu.
    1.png

  • New subdomains do not get the wildcard certificate automatically. It has to be selected for them manually as well.

  • Wildcard certificates can only be issued manually from the Let’s Encrypt screen of a domain. Certificates issued from domain creation screen or with the enabled keep secured option on the service plan will always issue plain (non-wildcard) Let’s Encrypt certificates.

  • Wildcard certificates will not be renewed automatically if the DNS zone is managed by an external DNS server.

Additional information

Instead of Let’s certificates, custom wildcard certificates can be added as usual according to the following article: How to install SSL certificate for a domain in Plesk

Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt