• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question CNAME and SSL

Chepplesk

New Pleskian
Server operating system version
Debian 11
Plesk version and microupdate number
18.0.58
Hi, I need to point a domain of one of my client (crm.tenant.ext) via CNAME to a site of mine hosted on Plesk (tenant.myserver.ext).

crm.tenant.ext CNAME tenant.myserver.ext

My client created the CNAME , technically everything works except the Let's Encrypt SSL certificate. I get the error SSL_ERROR_BAD_CERT_DOMAIN because the certificate is valid only for tenant.myserver.ext and not for the source domain (crm.tenant.ext). My server has Plesk Obsidian updated to the latest release, and Debian 11. How to fix it? Thanks to all
 
You could create crm.tenant.ext as a new domain in the same subscription ("Add domain" button), but enter the same document root directory into it that tenant.myserver.ext uses. When crm.tenant.ext resolves to tenant.myserver.ext, it should be possible to issue a domain validated SSL certificate for it.
 
Hi, I need to point a domain of one of my client (crm.tenant.ext) via CNAME to a site of mine hosted on Plesk (tenant.myserver.ext).

crm.tenant.ext CNAME tenant.myserver.ext

My client created the CNAME , technically everything works except the Let's Encrypt SSL certificate. I get the error SSL_ERROR_BAD_CERT_DOMAIN because the certificate is valid only for tenant.myserver.ext and not for the source domain (crm.tenant.ext). My server has Plesk Obsidian updated to the latest release, and Debian 11. How to fix it? Thanks to all
Review there is a DNS entry for A record *.myserver.ext, if there is not probably this could be the issue.
 
What? No, you don't need an A record for `*.myserver.ext`. I have done a similar thing myself.
I added a regular CNAME record for `crm.tenant.ext` over the DNS settings. And I created just an wildcard letsencrypt certifcate for tenant.ext (which is `*.tenant.ext`):

1721973874115.png

It took one day that the certificate for the CNAME was in action, but it works.
 
What? No, you don't need an A record for `*.myserver.ext`. I have done a similar thing myself.
I added a regular CNAME record for `crm.tenant.ext` over the DNS settings. And I created just an wildcard letsencrypt certifcate for tenant.ext (which is `*.tenant.ext`):

View attachment 26726

It took one day that the certificate for the CNAME was in action, but it works.
Wildcard works and you specify the issue was with CNAME but when its a domain I am going to use to create different applications, and I don't know the names yet, crm.domain, support.domain, etc I like to create the DNS record A * domain so I am able to create subdomains on the fly and add SSL without the need of wildcard certificates.
 
Back
Top