Symptoms
- A wildcard certificate is issued for example.com with the ‘secure www’ option enabled.
- alias.com and subdomain.example.com are added to the list of issued certificates.
- On opening https://www.alias.com, a warning about an incorrect certificate is shown, for example:
PLESK_WARN: HSTS warning – incorrect cert
Cause
Product issues:
- #EXTSSLIT-1370 “The extension can now secure the www subdomains of domain aliases with wildcard SSL/TLS certificates.”
  Fixed in: SSL It! 1.7.8, 20 February 2021
- #EXTLETSENC-568 “It is now possible to secure the www subdomains of domain aliases with wildcard SSL/TLS certificates. The fix works for the standalone Let’s Encrypt extension only. For Let’s Encrypt in the SSL It! extension, the issue still remains and will be fixed later.”
  Fixed in: Let’s Encrypt 2.12.5, 03 February 2021
Resolution
Workaround
If the SSL It! extension is used, apply the following workaround:
Issue different certificates
Note: Due to the bug “Let’s Encrypt auto renew is not working for domains or Plesk with renamed certificates”, the certificates in the workaround below will not be renewed automatically and must be issued manually each time.
- Go to Domains > example.com > Let’s Encrypt
- Issue a wildcard certificate _without_ including the aliases.
  Note: As a result, a certificate which secures “example.com” and “*.example.com” will be obtained.
- Go to Domains > example.com > SSL/TLS Certificates > Lets Encrypt example.com
- Rename it to, for example: “Wildcard example.com”.
- Go to Domains > example.com > Let’s Encrypt
- Issue a non-wildcard certificate with the “Include a “www” subdomain for the domain and each selected alias” and “Secure webmail on this domain” checkboxes selected and all aliases added to the right-side list.
  Note: As a result, a certificate for “example.com”, “www.example.com”, “alias.com”, “www.alias.com” and the remaining aliases will be obtained.
- Go to Domains > one.example.com > Hosting Settings
- Select the “Wildcard example.com (one.example.com)” certificate.
  Note: Repeat this step (8-9) for each subdomain (two.example.com, three.example.com, etc.)
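A way to check that every hostname is served a certificate whose names actually cover it, before and after the workaround. This is an added example, not code from Plesk or from the original article. The SAN list for the symptom certificate, the two sample subdomains, and the assignment of the non-wildcard certificate to the main domain and its aliases are assumptions.

```python
# Added example. All SAN lists are constructed samples, not read from a server.

def san_matches(pattern, host):
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Simplification: accept "*" only as the whole leftmost label and only
        # above a name of at least two labels ("*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_assignment(assignment):
    """assignment maps each served hostname to the SAN list of the certificate
    selected for it; returns the hostnames that certificate does not cover."""
    return [host for host, sans in assignment.items()
            if not any(san_matches(s, host) for s in sans)]

# Assumed SANs of the single wildcard certificate from the Symptoms section.
SYMPTOM_CERT = ["example.com", "*.example.com", "alias.com"]
# SANs of the two workaround certificates, as listed in the Notes above.
WILDCARD_CERT = ["example.com", "*.example.com"]
ALIAS_CERT = ["example.com", "www.example.com", "alias.com", "www.alias.com"]

MAIN_HOSTS = ["example.com", "www.example.com", "alias.com", "www.alias.com"]
SUBDOMAINS = ["one.example.com", "two.example.com"]  # sample subdomains

# Before: one certificate everywhere. After: certificates split per the steps.
BEFORE = {h: SYMPTOM_CERT for h in MAIN_HOSTS + SUBDOMAINS}
AFTER = {**{h: ALIAS_CERT for h in MAIN_HOSTS},
         **{h: WILDCARD_CERT for h in SUBDOMAINS}}

if __name__ == "__main__":
    print("uncovered before workaround:", check_assignment(BEFORE))
    print("uncovered after workaround: ", check_assignment(AFTER))
```

The same check flags a subdomain left on the non-wildcard certificate, which is what the last step of the workaround prevents.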