Issue Let's Encrypt Certificates for Domain Alias' Subdomain not working

[crysix]

Server operating system version

Ubuntu 18.04.6 LTS

Plesk version and microupdate number

Plesk Obsidian Version 18.0.52 Update #3

Hello, I have a little SSL problem with subdomains used dy alias domains.
Following situation:

Main domain: domain1.com
Alias domain: domain2.com
Alias domain: domain3.com

Creating a Let's encrypt certificat for Main Domain will also secure all alias domains. So far so good. Everything works, redirecting, also secure redirecting etc.

Now creating a subdomain:
sub.domain1.com

Plesk automatically adds corresponding alias subdomains:
sub.domain2.com and sub.domain3.com

So if you enter sub.domain2.com you will automatically be redirected to sub.domain1.com.
So far so good, BUT, if you create a Let's encrypt for sub.domain1.com, Plesk will ONLY create it for this Subdomain and not for the alias subdomains, which Plesk automatically added correctly.

So while the main domain's alias' are all secured correclty, the subdomains aren't.

This way, if you open https://sub.domain2.com you will get a certificate error (there is no certificate for that domain). If you ignore that error or open the domain without SSL it will redirect correctly.

But plesk should also secure the subdomains here. They are added in http.conf of that domain, but not secured.

 

[Peter Debik]

Please have a look at the feature request Add Aliases for Subdomains
If it matches the case, you can vote for it so that it gets more attention.

 

[crysix]

Well not directly. Because Plesk internally adds aliases for the subdomains already (automatically, if you have alias domains).
So if you have an alias domain2.com (like above), and create the subdomain for domain1.com, Plesk internally also adds aliases for sub.domain2.com, sub.domain3.com and so on.
The only problem here is, that you cannot add SSL also for all alias subdomains, like it works for the domains. So if you have a domain and multiple alias domains and create SSL, Plesk allows you to create SSL also for all alias domains (you can also check which you want).
But this will not work for subdomains. There Plesk only creates the SSL certificate for the selected main subdomain (sub.domain1.com).

 

[Maik20Tomcat]

+1 I have the same problem!

 

[Peter Debik]

As a workaround you can "Add Domain" and enter your subdomain. Then set the document root directory of that domain via "Hosting Settings" to the same document root directory that you are using for the main domain. Then create the SSL certificate for the Subdomain. This has an additional advantage: you can use email addresses with that subdomain. Document root directories are checked whether they are used by another domain or subdomain in case you remove a domain or subdomain, so when you remove a domain or subdomain and the other remains active, the content will not be deleted.

 

[crysix]

Thats not possible. If you want to add sub.domain2.com for example and domain2.com is an alias domain for domain1.com Plesk says "this domain was already added". Although you not really added it so far. This is because Plesk automatically add those "alias" subdomains, if you have a domain alias and create a subdomain for your main domain. In this case Plesk will also add aliases for all "alias subdomains". Thats totally correct und should be done this way. But if you create a SSL certificate it should also do that for all subdomains, like it does for normal alias domains.

 

[Peter Debik]

Would it then not be possible to do the same workaround as described above with domain2.com?

 

[crysix]

No, because, if you add domain2.com not as alias domain, emails will not be possible for both domains (to same account).
So if you previously used [email protected] and now want [email protected] you cannot have a single mail account, for [email protected] and 2.com
If you create domain2.com as single domain, you could of course create a htaccess redirect manually, and this way sub.domain2.com could redirect to sub.domain1.com and domain2.com to domain1.com, but then no other things will be synced (like mails).

So if there is no other possibility, this is a bug in Plesk. Because for the main domain aliases everything works correctly. And for subdomains, Plesk will also add them automatically, but SSL not for all assigend domains are used like they are on main domain.

 

[ajimenez]

Hi there, I'm experiencing same issue. Unfortunately this bug persists.
How did you approach this bug? Could you solve the problem?
Thanks

 

[Patt74]

Hello,

same problem! :-( Does anybody have a solution?

Thanks.

 

[crysix]

Sadly no solution so far. This is still a bug.

 

[Kaspar@Plesk]

This currently not considered a bug, but rather a feature limitation (as disappointing as that may be). You are welcome to add it as a feature request to UserVoice. Features that become popular might be conceded for implementation into Plesk.

 

[Patt74]

ok thanks. Is there any possible workaround to solve this manually?

 

[Kaspar@Plesk]

Thats not possible. If you want to add sub.domain2.com for example and domain2.com is an alias domain for domain1.com Plesk says "this domain was already added".

I cannot replicate that issue. I might have missed something, but I had no trouble adding "sub domain" as an actual domain in the same subscription/webspace of which the primary domain is an alias.

ok thanks. Is there any possible workaround to solve this manually?

So the workaround suggested by Peter in his post (here) could work.