bryanpedini
New Pleskian
Issue - Feature request - Annoyance - Large number of customers and broad audience
UPDATE 1: added additional reference.
I am an employee of a company that uses Plesk as their hosting management panel; and I have a private account on the same server.
However, being an IT professional (and because I need to host applications Plesk doesn't support, like custom services, Golang executables and Python Flask web services), I decided to get a VPS and host only my emails and the DNS zones on Plesk (so much easier to manage with the APIs instead of editing named zones by hand).
However, securing my domains has become impractical. On my VPS I've created all sorts of automatic scripts to use HTTP-01 authentication all on the same subfolder and stuff and it works perfectly fine; however, it seems that issuing a wildcard certificate on Plesk (which we all know and remember a wildcard can be issued ONLY using DNS-01 authentication), still spits out the error "your website on Plesk has this IP but the DNS used for the challenges was this", which should not appear in the first place.
This means one and only one thing: the Let's Encrypt extension uses HTTP-01 to validate the root domain, and DNS-01 to validate the wildcard certificate for all the subdomains.
Answer that fixes all the problems: a simple voluntary checkbox on the Let's Encrypt panel for issuing / renewing certificates that forces DNS-01 authentication, then you have two DNS records for `_acme-challenge.example.com` and automatic renewals work fine on the VPS with HTTP-01 and the same thing goes fine for Plesk with DNS-01.
It shouldn't be either hard or time-consuming for an update like this; yet it could save hours and hours of work for us, the IT professionals that get asked once or twice a year to host emails on one server and the website on the other, and every time we scream to God and ask ourselves why we accepted the job only to have to say "no, the system can't do that" to the customers who then turn away and never look back at us and possibly spread a bad word.
Yes, worst case scenario, all solvable with a simple checkbox. That's the message I'm trying to spread here!
References:
Let's Encrypt extension
Question - Creating SSL Certificate using Let's Encrypt for mail-only domain
Question - Let's Encrypt (wildcard) certificate for mail-only domain ("solved" with https://support.plesk.com/hc/en-us/articles/360010008800, which is not actually a solution but rather a workaround that has to be done at every renewal)
Use "Let's encrypt" to secure IMAP/POP/SMTP connections
Cannot issue wildcard Let's Encrypt certificate in Plesk [...]
Wouldn't it be nice to have "more control" over the Let's Encrypt extension (or the SSL It!, same problem exists), and try to solve the majority of these issues with a simple checkbox that costs a couple of man hours to write the code for?
Thank you all for the time and consideration;
Bryan.