Knowledge Base

www alias, subdomains are not included into the issued wildcard Let’s Encrypt Certificate

 
0serverupdatetlstechnical questions

Symptoms

  • A wildcard certificate is issued for example.com with ‘secure www’ option enabled.

  • alias.com and subdomain.example.com are added to the list of issued certificates.

  • On opening https://www.alias.com, a warning about incorrect certificate is shown, for example:

    PLESK_WARN: HSTS warning – incorrect cert

Cause

Product issues:

  • #EXTSSLIT-1370 “The extension can now secure the www subdomains of domain aliases with wildcard SSL/TLS certificates.”
    Fixed in:
  • #EXTLETSENC-568 “It is now possible to secure the www subdomains of domain aliases with wildcard SSL/TLS certificates. The fix works for the standalone Let’s Encrypt extension only. For Let’s Encrypt in the SSL It! extension, the issue still remains and will be fixed later.”
    Fixed in:

Resolution

Please consider updating your server:

Workaround

If SSL It! extension is used, apply the following workaround:

Issue different certificates

Note: Due to Let’s Encrypt auto renew is not working for domains or Plesk with renamed certificates bug certificates in below workaround will not be renewed automatically and they should be issued manually each time.

  1. Log in to Plesk

  2. Go to Domains > example.com > Let’s Encrypt

  3. Issue a wildcard certificate _without_ including the aliases.

    Note: As a result, a certificate which secures “example.com” and ” * .example.com” will be obtained.

  4. Go to Domains > example.com > SSL/TLS Certificates > Lets Encrypt example.com

  5. Rename it to, for example: “Wildcard example.com”.

  6. Go to Domains > example.com > Let’s Encrypt

  7. Issue an non-wildcard certificate with marked “Include a “www” subdomain for the domain and each selected alias” and “Secure webmail on this domain” checkboxes and added all aliases to the right-side list.

    Note: As a result, will be obtained a certificate for “example.com”www.example.com”“alias.com”www.alias.com”, etc aliases.

  8. Go to Domains > one.example.com > Hosting Settings

  9. Select a “Wildcard example.com (one.example.com)”certificate.

    Note: Repeat this step (8-9) for each subdomain (two.example.com, three.example.com, etc…)

 

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2022 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WP Toolkit
Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt