
Question ACME SSL: How to configure DNS-01 with external DNS provider?

Azurel

Silver Pleskian
Server operating system version: AlmaLinux 8.10
Plesk version and microupdate number: 18.0.78
Hi,

I installed the new ACME SSL extension (ACME SSL extension - Plesk) because I need wildcard certificates. However, I'm confused about how the extension actually works. The configuration UI only shows three fields:
- ACME Directory URL (required)
- EAB Key ID (optional)
- EAB HMAC Key (optional)

Where do I configure my DNS provider for DNS-01 challenges? My DNS is hosted externally at Artfiles, and they do have a DNS API. In fact, Artfiles is already listed as a supported provider in the lego DNS library (DNS Providers :: ACME client and library written in Go. or acme.sh/dnsapi at master · acmesh-official/acme.sh), which many ACME tools use internally. So the API integration exists but I can't find any way to configure it in the Plesk ACME SSL extension.
 
Thank you for the question, @Azurel. I consulted with our team on that matter and ACME SSL/SSL It! does not come with built-in DNS API integration intended for updating DNS records in external zones. The ACME/SSL It! flow can automatically add the required _acme-challenge TXT record only when the domain’s DNS is handled by Plesk itself or by a third-party DNS service that could be synced with Plesk. If Plesk is not synchronized with Artfiles, the TXT record will not be pushed, and validation will fail.
In order to automatically issue wildcard SSLs, you need either local DNS management or a Plesk integration that can talk to Artfiles’ DNS API directly. In other words, ACME handles certificate issuing, but the DNS API integration is separate.
 
Thank you for the clarification. That's unfortunate – I assumed DNS-01 support would include external DNS providers via their APIs, since that's essentially the main use case for it (so I think). Without that, the extension isn't really usable for anyone whose DNS isn't managed by Plesk itself.

Is there a feature request I can vote on?
 