Question
How to use Let's Encrypt for wildcard certificates in order to secure subdomains like sub1.example.com, sub2.example.com, etc.?
Answer
A wildcard certificate can be installed using the following procedure:
- Log in to Plesk.
- Go to Domains > example.com > SSL/TLS Certificates > Install a free basic certificate provided by Let's Encrypt > Choose the Secure the wildcard domain option > Click Get it free to renew it.
After you click the Install button, Let's Encrypt will either add a DNS TXT record on its own (if the Plesk server is the authoritative DNS server for the domain) or provide instructions on how to add this record (if DNS is managed by an external server).
Once the DNS configuration is complete and the DNS TXT record _acme-challenge.<domain> resolves properly, click the Continue button to issue the certificate.
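One way to confirm that the TXT record resolves before clicking Continue, as an added example that is not part of the original article or of Plesk. It assumes `dig` is installed and that the expected value is the one copied from the instructions Plesk displays; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the _acme-challenge TXT record on every authoritative
# name server, so a stale resolver cache cannot hide a missing record.

# txt_has_token EXPECTED
# Reads `dig +short TXT` output on stdin (one double-quoted value per line)
# and succeeds if any value equals EXPECTED. The name may carry more than
# one TXT value, so every line is compared.
txt_has_token() {
    expected=$1
    while IFS= read -r line; do
        # dig prints TXT data in double quotes; strip them and stray CRs.
        value=$(printf '%s' "$line" | tr -d '"\r')
        [ "$value" = "$expected" ] && return 0
    done
    return 1
}

# check_challenge DOMAIN EXPECTED
# Returns 0 only if every name server listed for DOMAIN serves EXPECTED.
check_challenge() {
    domain=$1 expected=$2 rc=0
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" \
            | txt_has_token "$expected"; then
            echo "OK      $ns"
        else
            echo "MISSING $ns"
            rc=1
        fi
    done
    return $rc
}

# Runs only when invoked as: sh check.sh DOMAIN EXPECTED_VALUE
if [ $# -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

A MISSING line for any name server means the record has not propagated there yet, and issuing the certificate at that point can fail validation.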
Note: This iteration of Let's Encrypt wildcard certificate has several limitations:
- A wildcard certificate is only assigned to the main domain. To apply it to subdomains, go to Hosting Settings of each subdomain and choose the new wildcard Let's Encrypt certificate in the Certificate drop-down menu.
- New subdomains do not get the wildcard certificate automatically. It has to be selected for them manually as well.
- Wildcard certificates can only be issued manually from the Let's Encrypt screen of a domain. Certificates issued from the domain creation screen or through the Keep secured option enabled on the service plan will always be plain (non-wildcard) Let's Encrypt certificates.
- Wildcard certificates will not be renewed automatically if the DNS zone is managed by an external DNS server.