• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Forwarded to devs Let's Encrypt wildcard certificates are not issued for domain aliases

Sergio Manzi

Sergio Manzi

Regular Pleskian
TITLE:
Let's Encrypt wildcard certificates are not issued for domain aliases
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.8.11 Update #63
Let's Encrypt Version: 2.8.2-529
CentOS Linux 7.6.1810
PROBLEM DESCRIPTION:
When requesting a wildcard certificate for a subscription having domain aliases, the wildcard certificate is issued only for the primary domain (subject). All the domain aliases are issued just a "naked domain" certificate as "Certificate Subject Alt Names" of the primary subject.​
STEPS TO REPRODUCE:
  • Create a subscription having at least one domain alias
  • Request a Let's Encrypt wildcard certificate for that domain and its domain alias
  • Examine the issued certificate
ACTUAL RESULT:
The wildcard certificate is issued only for the primary domain while only the naked domain is listed in the "Certificate Subject Alt Names" for domain aliases​
EXPECTED RESULT:
Wildcard certificate being issued for the domain aliases too.​
ANY ADDITIONAL INFORMATION:
No problem when requesting www and non-www certificates: all subjects are correctly listed in the certificate's Alt Names.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
OK, thanks.

Sorry if I asked, but more than a month passed and this bug, which seems to be of trivial solution, severely hampers the usefulness of wildcards certificates (it renders it totally useless to me, actually).

Cheers,

Sergio
 
Hello,

as you suggested I kept an eye on the Let's Encrypt extension changelog and I noticed that a new version was released few days ago and that it contained modifications regarding wildcard certificates.

This particular issue was not cited in the changelog, but I hoped it would had eventually silently fixed, so I proceed with the update, but, helas, that's wasn't the case: the problem still persist.

As you surely understand that's a *BIG* problem: whenever someone is trying to access something like https://www.example.it (example.it being an alias of example.com) they are greeted by an "invalid security certificate" error.

This is making the Let's Encrypt extension useless for aliased domains. I'm wondering what's making this issue so difficult to solve...
 
I've recently updated from Onyx to Obsidian (nice!).

I had a slight hope that this bug would be resolved in Obsidian, but unhappily it is not.

The issue is open since August of the past year and I'm really starting wondering if there is any will from the Plesk part to have this fixed.

I really don't understand... do you realize that this is breaking HTTPS for www.* for every domain alias and that there is no way (that I can see or that you provided advice for) for adding www.* as an alternate subject of domain aliases?

Am I the only one using HTTPS with wildcard certificates and domain aliases? Am I missing something?
 
You must log in or register to reply here.

Similar threads

Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2
Replies
28
Views
6K
marcoherzog
M
P
Forwarded to devs SSL It! - inconsistent Let’s Encrypt branding
Replies
2
Views
1K
AYamshanov
AYamshanov
D
Issue Automatic renewal via SSLit doesn't work for wildcard certificates
Replies
0
Views
507
D3nnis3n
D
V
Issue Let's Encrypt wildcard certificate renewal : some subdomains are not secured
Replies
0
Views
945
Vincent Brouchet
V
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
284
Azurel
Azurel
Back
Top