offtopic but - here are SSL certs even cheaper https://www.ssls.com
Hey, I get my cheap ssl's from: www.namecheap.com
That's the cheapest I ever found.
Hi Giorgos Kontopoulos,
you could use the not documented command:
Code:
plesk bin extension --exec letsencrypt cli.php -d YOUR-DOMAIN.COM -d www.YOUR-DOMAIN.COM -d webmail.YOUR-DOMAIN.COM -d mail.YOUR-DOMAIN.COM -d smtp.YOUR-DOMAIN.COM -d pop3.YOUR-DOMAIN.COM -d imap.YOUR-DOMAIN.COM -d lists.YOUR-DOMAIN.COM --email [email protected] --expand
As you can see, I included all possible subdomains, which are "normally" not setup over the Plesk Control Panel, such as "webmail.", "mail.", "smtp.", "pop3.", "imap." and "lists.". Pls. keep in mind, that there is a maximum of 100 Let's Encrypt SAN - certificate - names.
The "--expand" option at the end should be used, if there has been a previous certificate creation, which you are now able to EXPAND with the additional (sub)domain - names - if you didn't create a previous certificate for the domain, pls. leave out this option.
If you experience issues with the suggestion, pls. consider to include the Let's Encrypt - log and the output from your command line, after you used the command for further investigations.
ServerAlias dev.apps.kantl.be
plesk bin extension --exec letsencrypt cli.php -d dev.extra.kantl.be -d dev.apps.kantl.be --email [same_email_as_original_certificate] --expand
cat cert.pem | openssl x509 -text | grep DNS
DNS:dev.extra.kantl.be
the Plesk Let's Encrypt Extension uses "http-01 - validation" and tries to create a temporary file in the web-root folder ".well-known". In your case, you modified your DNS entries and the result is, that neither "dev.extra.kantl.be", nor "dev.apps.kantl.be" can be reached: => Status: HTTP/1.1 404 Not Found
Pls. correct this, before you continue.
plesk bin extension --exec letsencrypt cli.php -d dev.extra.kantl.be -d dev.apps.kantl.be --email [same_email_as_original_certificate] --expand --webroot-path "/var/www/vhosts/default/htdocs/"
[2017-04-10 17:42:17] ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Challenge marked as invalid. Details: Invalid response from http://dev.apps.kantl.be/.well-known/acme-challenge/EAJjmaO3TYqkqNLxAD-CmMIAEC_T6UTawuDO4IyYjpg [91.250.81.157]: 404
Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Challenge marked as invalid. Details: Invalid response from http://dev.apps.kantl.be/.well-known/acme-challenge/EAJjmaO3TYqkqNLxAD-CmMIAEC_T6UTawuDO4IyYjpg [91.250.81.157]: 404
Sorry, I can't confirm your statement. Pls. check it for yourself with the help of for example: => HTTP / HTTPS Header Check
I can confirm that the HTTP addresses for both domains can be reached without problems
HTTP/1.1 403 Forbidden =>
Date => Mon, 10 Apr 2017 15:47:01 GMT
Server => Apache
Vary => Accept-Encoding
Content-Length => 270
Connection => close
Content-Type => text/html; charset=iso-8859-1
The certbot places a (temporary! ) file at "/var/www/vhosts/kantl.be/dev.apps.kantl.be/.well-known/acme-challenge" ( => EAJjmaO3TYqkqNLxAD-CmMIAEC_T6UTawuDO4IyYjpg ), which should be reached, when you open the URL => http://dev.apps.kantl.be/.well-known/acme-challenge/EAJjmaO3TYqkqNLxAD-CmMIAEC_T6UTawuDO4IyYjpg . If the certbot is not able to reach the URL => http://dev.apps.kantl.be/.well-known/acme-challenge/EAJjmaO3TYqkqNLxAD-CmMIAEC_T6UTawuDO4IyYjpg the validation process can't continue with the cert - creation.
user@server:~#plesk bin extension --exec letsencrypt cli.php -d dev.extra.kantl.be -d dev.apps.kantl.be --email [same_email_as_original_certificate] --expand --webroot-path "/var/www/vhosts/kantl.be/sites/dev.extra.kantl.be"
user@server:~# cat /opt/psa/var/modules/letsencrypt/etc/live/dev.extra.kantl.be/cert.pem | openssl x509 -text | grep DNS
DNS:dev.apps.kantl.be, DNS:dev.extra.kantl.be
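A post-issuance SAN check and an http-01 pre-flight probe for the procedure discussed above, as an added example that is not part of the thread or of the Plesk extension. The function names, the probe file name and the sample SAN line are constructed for illustration; `probe_http01` assumes `curl` is installed and that you pass the document root the web server actually serves for that name.

```bash
#!/bin/sh
# Added example (not from the thread): verify that --expand really added every
# name, and test beforehand whether a name's challenge path is served.

# Print one DNS name per line from `openssl x509 -noout -text` output on stdin.
san_names() {
  grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | sort -u
}

# Usage: openssl x509 -in cert.pem -noout -text | missing_sans name...
# Prints every expected name the certificate does not list; returns 1 if any.
missing_sans() {
  _have=$(san_names)
  _rc=0
  for _name in "$@"; do
    printf '%s\n' "$_have" | grep -qxF -- "$_name" || { echo "$_name"; _rc=1; }
  done
  return $_rc
}

# Usage: probe_http01 domain docroot
# Writes a throwaway file where the http-01 challenge file would be placed,
# fetches it over plain HTTP, removes it again and prints "domain status".
# Anything other than 200 (for example the 403 and 404 seen above) means the
# validation for that name would fail. Creates the directory if it is missing.
probe_http01() {
  _dir="$2/.well-known/acme-challenge"
  _tok="preflight-$$"
  mkdir -p "$_dir" && printf 'ok\n' > "$_dir/$_tok" || return 2
  _code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' \
    "http://$1/.well-known/acme-challenge/$_tok")
  rm -f "$_dir/$_tok"
  echo "$1 $_code"
  [ "$_code" = 200 ]
}

# Constructed sample: a SAN line that lists only one of the two requested names.
sample='                DNS:dev.extra.kantl.be'
printf '%s\n' "$sample" | missing_sans dev.extra.kantl.be dev.apps.kantl.be || true
# prints: dev.apps.kantl.be
```

Run `probe_http01` once per name with that name's own document root before calling the extension, since each name is validated separately.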
Could you pls. explain, why you don't create a subdomain for "dev.apps.kantl.be" and change the "Document root" in your subdomain - specific hosting settings to equal it with the "Document root" from "dev.extra.kantl.be"?
(since it's impossible to create aliases for subdomains via the Plesk Control Panel)
Well, you will experience the very same issue as the one before, when you want to create the certificate, due to the fact that each domain, subdomain and alias-domain will be verified by THEIR own challenge within their document root.
Could you elaborate what the issue is, and what will happen when the certificate for dev.kantl.be will be renewed? Would be good to know before I start messing with my live site configurations...
And I can enable tools and settings/SSL/TLS Certificates
Code:
Certificates currently in use for securing Plesk server
Certificates currently in use for securing Plesk server and mail server
Certificate for securing Plesk Lets Encrypt XXXXXXXXXXXXXXXXXXXXXXXXXX. [Change]
Certificate for securing mail Lets Encrypt YOUR-DOMAIN.com from YOUR-DOMAIN.com. [Change]
Pls. see for example: => #26
I need certificates for 4 domains, dovecot (imap and pop3 service) support use of one certificate per domain? How do we solve this question?
Pls. update/upgrade your extensions and afterwards, pls. repeat your steps and investigate possible issues/errors/problems in your "panel.log".
Changes
2.0.3 (13 April 2017)
- The extension now logs its communication with the Let's Encrypt servers in the "panel.log". This enables better troubleshooting when there are some issues with requesting a certificate.
Correct... your ( manual ) command includes your desired webroot, but the certbot will only verify existing main-domain, alias-domain and subdomain - webroots within the renewal process.
Although this folder is existing and reachable, this still won't work for the automatic renewal script? From your last remark, I gather that instead of using the document root for the "main" subdomain of the certificate, the automatic renewal script will try to look up document roots for all alias domains in the certificate via the document root settings for the subdomains administered in Plesk. If it does not find any document root in the Plesk db, it will try to construct one, which will probably not work since it doesn't exist?
As stated above, the certbot can't guess which webroot - verification you used with your ( manual ) expand - command. Just consider to use the standard main-domain, alias-domain and subdomain - usage, to avoid issues/errors/problems. Consider to invest the needed time to create alias-domains and don't see this as a "hassle". The Plesk Let's Encrypt Extension has just not been invented to be as flexible as you desire it to be.
Would that mean that upon renewal time (with my current setup), I would have to:
- manually delete the existing certificate (with all aliases)
- create a new certificate in Plesk for just the "main" subdomain and
- manually extend that again to all alias subdomains
Hi @AlL,
just a short information:
since the Plesk Let's Encrypt Extension v2.0.3
Pls. update/upgrade your extensions and afterwards, pls. repeat your steps and investigate possible issues/errors/problems in your "panel.log".
Is there no way of using different SSL certificates for different domains, e.g.:
mail.domain1.com - SSL 1
mail.domain2.com - SSL 2
mail.domain3.com - SSL 3
rather than asking all the domain holders to use mail.domain.com for incoming and outgoing and getting host name mismatch when going SSL in mail clients?
Pls. help us to understand, WHERE you are stuck and WHAT issues/errors/problems you have, after you followed WHICH STEPS?
Can someone help me out of the woods?