
Question Let's Encrypt / SSL It Plugins

Aakhyan

New Pleskian
Hi,

As per the latest release update, the "Let's Encrypt / SSL It Plugins" are set for "automatically issue SSL/TLS certificates only for those domains that Plesk verified to be resolvable".
But why am I still getting the message to update the DNS records? I have added the appropriate lines to the panel.ini and both the plugins are updated to the latest version.

Also, is there a way to change the DNS authentication to HTTP based authentication, like other Hosting Panels such as WHM/cPanel, DirectAdmin, etc. have?
I don't want to go with the hassle of DNS updates for about 250 domains every 90 days.

Please suggest a proper solution.

 
The File-based authentication, or the HTTP-01 challenge as it's called in the Let's Encrypt documentation, is always enabled on the server by default. If you issue a non-wildcard certificate via Let's Encrypt, then a necessary file will be automatically created in the required directory to perform the verification.

However, if you are issuing a wildcard certificate *.example.com designed to secure any of the domain's subdomains at once, then the DNS-01 challenge will also be performed for the domain in addition to HTTP-01, which requires adding a TXT record in your domain's DNS configuration. But if your domain's DNS is managed externally and not on the Plesk server, then this TXT record would need to be added manually.

If you'd like to use only the HTTP-01 challenges for issuing and renewing certificates via Let's Encrypt without having to manually reconfigure DNS, please consider using the non-wildcard certificates. The downside to this is that you would need to issue a certificate for each domain's subdomains one by one. However, this would free you from having to create new TXT records for your domains every time a certificate is issued or renewed.
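The difference between the two challenges described in the answer above, as an added example that is not part of the thread and not Plesk's code: it follows RFC 8555 and RFC 7638 to show what a client must publish for a plain name (a file over HTTP) versus a wildcard name (a TXT record whose value changes with every new challenge token). The account key and tokens are constructed placeholders, and `plan_challenge` is a hypothetical helper name.

```python
import base64
import hashlib
import json

# Constructed sample account key (public JWK); x/y are placeholder strings, not a real key.
CONSTRUCTED_JWK = {"kty": "EC", "crv": "P-256",
                   "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def plan_challenge(identifier: str, token: str, account_jwk: dict) -> dict:
    """Return what has to be published to validate one certificate name."""
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"  # RFC 8555 key authorization
    if identifier.startswith("*."):
        # Wildcard names can only be validated with DNS-01: a TXT record on the
        # base domain holding the hash of the key authorization.
        base = identifier[2:]
        digest = hashlib.sha256(key_auth.encode("ascii")).digest()
        return {"type": "dns-01",
                "record": f"_acme-challenge.{base}",
                "value": b64url(digest)}
    # Plain names can use HTTP-01: a file the web server itself can create.
    return {"type": "http-01",
            "url": f"http://{identifier}/.well-known/acme-challenge/{token}",
            "body": key_auth}

if __name__ == "__main__":
    # Constructed tokens standing in for two successive issuances/renewals.
    for name, token in [("www.example.com", "constructed-token-1"),
                        ("*.example.com", "constructed-token-1"),
                        ("*.example.com", "constructed-token-2")]:
        print(name, plan_challenge(name, token, CONSTRUCTED_JWK))
```

With externally hosted DNS, the two wildcard rows are the manual step: the TXT value for `_acme-challenge.example.com` differs for each token, while the HTTP-01 file is written on the server without touching DNS.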
 
Hi @IgorG

Thanks for the update!!!

It worked like a charm without selecting the Wildcard option.

But does it also work when the renewal occurs next time on these certificates? I want to be sure on this step.
 