
Question Let's Encrypt / SSL It Plugins

AK_learner

Basic Pleskian
Hi,

As per the latest release update, the "Let's Encrypt / SSL It Plugins" are set for "automatically issue SSL/TLS certificates only for those domains that Plesk verified to be resolvable".
But why am I still getting the message to update the DNS records? I have added the appropriate lines to the panel.ini and both the plugins are updated to the latest version.

Also, is there a way to change the DNS authentication to HTTP based authentication, like other Hosting Panels such as WHM/cPanel, DirectAdmin, etc. have?
I don't want to go with the hassle of DNS updates for about 250 domains every 90 days.

Please suggest a proper solution.

 
The File-based authentication, or the HTTP-01 challenge as it's called in the Let's Encrypt documentation, is always enabled on the server by default. If you issue a non-wildcard certificate via Let's Encrypt, then a necessary file will be automatically created in the required directory to perform the verification.

However, if you are issuing a wildcard certificate *.example.com designed to secure any of the domain's subdomains at once, then the DNS-01 challenge will also be performed for the domain in addition to HTTP-01, which requires adding a TXT record in your domain's DNS configuration. But if your domain's DNS is managed externally and not on the Plesk server, then this TXT record would need to be added manually.

If you'd like to use only the HTTP-01 challenges for issuing and renewing certificates via Let's Encrypt without having to manually reconfigure DNS, please consider using the non-wildcard certificates. The downside to this is that you would need to issue a certificate for each domain's subdomains one by one. However, this would free you from having to create new TXT records for your domains every time a certificate is issued or renewed.
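
The difference between the two challenges described above, as an added example that is not part of the thread and is not Plesk or Let's Encrypt code: it follows RFC 8555 to show what has to be published for each certificate name and which wildcard names would need a manual TXT record. The function names, the `local_zones` input, and the token and thumbprint values are assumptions constructed for illustration.

```python
import base64
import hashlib

ACME_HTTP_PATH = "/.well-known/acme-challenge/"  # HTTP-01 path, RFC 8555 section 8.3


def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def plan_challenge(name: str, token: str, thumbprint: str) -> dict:
    """Describe what must be published to validate one certificate name."""
    name = name.lower().rstrip(".")
    key_auth = f"{token}.{thumbprint}"  # key authorization, RFC 8555 section 8.1
    if name.startswith("*."):
        # Wildcard names are validated with DNS-01: a TXT record holding
        # base64url(SHA-256(key authorization)) at _acme-challenge.<base domain>.
        digest = hashlib.sha256(key_auth.encode("ascii")).digest()
        return {"name": name, "type": "dns-01",
                "publish_at": "_acme-challenge." + name[2:],
                "value": b64url(digest)}
    # Non-wildcard names can use HTTP-01: a file served over plain HTTP.
    return {"name": name, "type": "http-01",
            "publish_at": f"http://{name}{ACME_HTTP_PATH}{token}",
            "value": key_auth}


def manual_txt_needed(names, local_zones, token, thumbprint):
    """Return DNS-01 plans whose zone is not hosted on this server (hypothetical helper)."""
    zones = {z.lower().rstrip(".") for z in local_zones}
    manual = []
    for plan in (plan_challenge(n, token, thumbprint) for n in names):
        if plan["type"] != "dns-01":
            continue
        base = plan["publish_at"][len("_acme-challenge."):]
        hosted = any(base == z or base.endswith("." + z) for z in zones)
        if not hosted:
            manual.append(plan)
    return manual


if __name__ == "__main__":
    # Constructed sample values; a real token comes from the CA, the thumbprint from the account key.
    names = ["example.com", "*.example.com", "*.example.net", "shop.example.org"]
    for p in manual_txt_needed(names, {"example.net"}, "sample-token", "sample-thumbprint"):
        print(p["publish_at"], "TXT", p["value"])
```

In a real order the CA issues a separate token for every name; one token is reused here only to keep the sample short.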
 
Hi @IgorG

Thanks for the update!!!

It worked like a charm without selecting the Wildcard option.

But does it also work when the renewal occurs next time on these certificates? I want to be sure on this step.
 