Hi, for when the major update of "Plesk Let's Encrypt Extension" ?
BTW , when setting webmail certificate, on renew the certificate of webmail we need disable webmail again to certbot find webroot of webmail ? or is just for the first certificate ?
Many thanks
Yes, this step has to be done BEFORE you add the subdomain "webmail", to be able to use the provided Let's Encrypt command with the "--expand" definition.- I had to stop the webmail service for the whole server (haven't been able to stop it at the website config page)
Changes
2.1.0 (18 May 2017)
- [+] It is possible to include webmail to Let's Encrypt certificate request and secure both the domain and webmail with this certificate.
- Let's Encrypt custom settings can be configured via the panel.ini file.
- [-] After a certificate for a subdomain had been issued, it was impossible to renew the certificate for the parent domain. (EXTLETSENC-105)
We might not be "at the end of the road" for all wishes, but as you can see, constant improvements are done!
You're right about the timing.... But...
The update failed as ALL updates to the component LetsEncrypt failed in the past on ALL of my Plesk servers.
I can remove the component LetsEncrypt and re-install it, but it is not that elegant...
It also feels risky as I don't know beforehand that I will be able to install it again after removing it.
If I'm not able to install the LetsEncrypt component after removing it this becomes a very serious problem!!!!
Please recognize this dillemma Plesk is posing their customers!!!
This should not be treated as a minor anomaly.
The bug is known by Plesk and I've seen others on this forum mentioning it as well.
No software is bug free and this kind of stuff is not easy to make, but this behaviour has been there from the beginning and upgrade after upgrade it's the same (even on fresh installs).
I also would like to have an optional automatic redirect from http to https so it's not necessary to inform all clients of this great upgrade.....
If ( for wathever reason, you experience issues / errors/ problems with the Plesk Let's Encrypt version, pls. consider to open a decent bug - report at "Home > Forum > Plesk Discussion > Reports", if you can't find any solution with the help of the Plesk Community and it's users.The update failed as ALL updates to the component LetsEncrypt failed in the past on ALL of my Plesk servers.
Hi Giorgos Kontopoulos,
you could use the not documented command:
Code:plesk bin extension --exec letsencrypt cli.php -d YOUR-DOMAIN.COM -d www.YOUR-DOMAIN.COM -d webmail.YOUR-DOMAIN.COM -d mail.YOUR-DOMAIN.COM -d smtp.YOUR-DOMAIN.COM -d pop3.YOUR-DOMAIN.COM -d imap.YOUR-DOMAIN.COM -d lists.YOUR-DOMAIN.COM --email [email protected] --expand
As you can see, I included all possible subdomains, which are "normally" not setup over the Plesk Control Panel, such as "webmail.", "mail.", "smtp.", "pop3.", "imap." and "lists.". Pls. keep in mind, that there is a maximum of 100 Let's Encrypt SAN - certificate - names.
The "--expand" option at the end should be used, if there has been a previous certificate creation, which you are now able to EXPAND with the additional (sub)domain - names - if you didn't create a previous certificate for the domain, pls. leave out this option.
If you experience issues with the suggestion, pls. consider to include the Let's Encrypt - log and the output from your command line, after you used the command for further investigations.
Hi HHawk,
funny that you just posted, even that a NEW version is available:
We might not be "at the end of the road" for all wishes, but as you can see, constant improvements are done!
You're asking for troubles when going to that path to put LetsEncrypt on your mail.Webmail is the same as normal email? As in mail.domain.com.
I don't use webmail, but I do use my mailservers. Thought this was going to be released as well?
You're asking for troubles when going to that path to put LetsEncrypt on your mail.
Multiple certificates on mail is only supported by some modern mail clients.
Most mail clients don't offer the mailserver the information to offer the correct certificate.
I'm not saying it's not working.... It just won't work for all your clients probably.
A few weeks ago I told someone to really stop using Outlook 2003. I haven't seen Outlook Express for a while though.. (did see a Pegasus).
With relying on LetsEncrypt and all these scripted procedures that could go wrong at the time you most need it, this is even more hazardous... I'm not going down that path.
If you do and get bitten. Do have the courage to come back and told me I was right.
I have a wildcard certificate on my mail services.
Each client has their own hostname to connect.. all matching that wildcard.