• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Wildcard SSL for entire server?

SacAutos

SacAutos

Regular Pleskian
This morning I followed the directions in the Plesk article on how to create a wildcard SSL using Let's Encrypt. Basically, all it involves is creating a panel.ini file with the acme challenge and then creating a TXT record with my DNS service. Very nice!

However, the servers I run use a wildcard SSL at the very top level (i.e. IP address) and then I use a CDN scheme to create a variety of subdomains. For example, my server has:

www.myservername.com
pics.myservername.com
pdf.myservername.com
images.myservername.com
beta.myservername.com

and so forth. How can I retire the SSL certificate that I purchase for the server with one from Let's Encrypt? At the IP address admin screen, there is no dialog for wildcards unlike at the subscription level. Am I still hosed?
 
SacAutos said:
.....How can I retire the SSL certificate that I purchase for the server with one from Let's Encrypt? ....
Click to expand...
It's not 100% clear from your post, what you're actually looking too do...

Is it...

a) Provide one *Wildcard Let's Encrypt certificate, that covers all the subdomains, on one domain (which is also the host server FQDN)

Or

b) Provide a *Wildcard Let's Encrypt certificate that covers multi-domains, some of which, may also have subdomains too (and one of the domains, is also the host server FQDN)

You can do both a) and b) but, because of the setup work involved, it's dependent, on how many domains you have, if it's b)

If it's a) You can do this using the Plesk Let's Encrypt Extension. If it's b) Can you tell us how many domains you want to cover with one certifcate?
 
It's sorta option "a." Each of the subdomains is set up as its own subscription so they are independent of each other. To get more specific, I manage a car dealership chain. The main brand is www.myautobrand.com. Each of the dealerships is set up as a subdomain. For example, buick.myservername.com. All the vehicle images are in pics.myservername.com. And so forth. There's a total of about thirty subscriptions on the server. And the server itself is named cloud.myservername.com. In the past, I have purchased a wildcard SSL for myservername.com and installed it at the IP address level of the server. Each subscription is allowed to use it for their SSL traffic. So if I could replace that wildcard that I purchase with a free one, that would be cool.
 
Sorry for the confusion. There's only one FQDN, and the example should be myautobrand.com which is an example, not the real domain, used for discussion purposes. Please ignore the myservername.com...
 
SacAutos said:
Sorry for the confusion. There's only one FQDN, and the example should be myautobrand.com which is an example, not the real domain, used for discussion purposes. Please ignore the myservername.com...
Click to expand...
Thanks! Understand that more now :)
Have you encountered something that is stopping you from using the Plesk Extension to achieve what you need? i.e. One *Wildcard Let's Encrypt Certificate that covers one FQDN, which is the Server Host, plus all of its sub-domains? From your explanation, we can't see any potential issues... but just in case, you could also read this specific post & the following post, as the answers should be very useful for you: Let's Encrypt extension (Ignore any of our posts or quotes from them in there, as they all relate to option b)
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
611
Polli
Polli
W
Question SSL Cert for Mail-Server
Replies
1
Views
629
Kaspar
K
M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
1K
mendip_discovery
M
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
2K
HungLuu
H
R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
987
Robin McDermott
R
Back
Top