Question ACME extension

[end]

Server operating system version

AlmaLinux 8.10 (Cerulean Leopard)

Plesk version and microupdate number

Plesk Obsidian 18.0.76 Update #4

ACMEに対応するための拡張機能が2026.326でリリースされました。

ACME SSL - Plesk Extensions

ext.plesk.com

ドキュメントには、SSL ITと併用する必要があると記載されており、両方ともインストール済みです。

しかし、ACMEディレクトリなどを設定するためのGUIが見つかりません。

使用方法に関するマニュアルはありますか？

 

[Sebahat.hadzhi]

Hi, @end . When you navigate to the SSL installation page, the "Recommended" option is enabled by default. Please toggle off the switch and you should be able to see the ACME SSL option.

On a side note, I want to mention that our team is already working on improving the UX and make the placement of the ACME option more intuitive.

 

[end]

I disabled the recommendation and it was displayed. Thank you.

 

[end]

This is a continuation of the verification process. I'm experiencing a 500 error when making a request after configuring ACME. I would appreciate assistance in resolving this issue.

I configured the ACME directory URL, EAB key ID, and EAB HMAC key obtained from the Certificate Authority and made a request, but after a few minutes, I receive a 500 internal error.

To investigate the cause of the error, I checked the log file `/var/log/plesk/panel.log`, but it didn't contain sufficient error information. Are there any other log files I should refer to?

Note that this Plesk environment is a testing environment, so inbound traffic is blocked. However, port 53 is enabled to allow DNS-01 authentication for SSL certificates. Outbound traffic is unrestricted.

 

[Sebahat.hadzhi]

@end please try temporarily to enable Plesk debug mode , reproduce the issue, and double-check /var/log/plesk/panel.log again. I would also suggest to double-check if the ACME directory is correct.

@AYamshanov do you have any guesses on what might be causing the issue?

 

[end]

Following your advice, I enabled the debug log,
and was able to confirm sufficient logging.

[2026-04-07 18:17:51.612] 93891:69d4cbbf49588 DEBUG [extension/acme] [ACME] Account resolved: https://******.com/mpki/api/v1/acme/v2/*********
[2026-04-07 18:17:52.285] 93891:69d4cbbf49588 DEBUG [extension/acme] [ACME] Reusing existing order: https://******.com/mpki/api/v1/acme/v2/*********directory|*****.com
[2026-04-07 18:17:52.285] 93891:69d4cbbf49588 DEBUG [extension/acme] [ACME] Order resolved: https://******.com/mpki/api/v1/acme/v2/*********/order/****************
[2026-04-07 18:17:52.597] 93891:69d4cbbf49588 DEBUG [extension/acme] [ACME] Validating: *****.com

It appeared to be stuck at the final stage of ACME authentication, but since Plesk had also created the .well-known/acme-challenge/* directory for the target domain, I believe this is due to the environment blocking external communication, as I mentioned in the previous thread.


Since this is a verification environment dedicated to our internal network, I cannot immediately open ports 80 and 443, but I will try opening them at a later date.




I have an additional related question.
In Plesk, there is a wildcard checkbox when issuing an SSL certificate.

The error mentioned above is the log when a wildcard is not specified.
Presumably, since single-domain certificates use HTTP-01 for authentication, they cannot be issued in my environment.



In contrast, I believe wildcards typically use DNS-01 for authentication, but when I attempted to issue a wildcard certificate, no TXT record was added to the DNS records.
Additionally, when I attempted to issue a wildcard certificate, no errors were logged even with debug logging enabled, so I was unable to identify the cause.

Is the behavior of ACME for wildcards typically logged in the debug log?






Translated with DeepL.com (free version)