• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Let's Encrypt wildcard certificates are not issued for domain aliases

Sergio Manzi

Regular Pleskian
TITLE:
Let's Encrypt wildcard certificates are not issued for domain aliases
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.8.11 Update #63
Let's Encrypt Version: 2.8.2-529
CentOS Linux 7.6.1810
PROBLEM DESCRIPTION:
When requesting a wildcard certificate for a subscription having domain aliases, the wildcard certificate is issued only for the primary domain (subject). All the domain aliases are issued just a "naked domain" certificate as "Certificate Subject Alt Names" of the primary subject.​
STEPS TO REPRODUCE:
  • Create a subscription having at least one domain alias
  • Request a Let's Encrypt wildcard certificate for that domain and its domain alias
  • Examine the issued certificate
ACTUAL RESULT:
The wildcard certificate is issued only for the primary domain while only the naked domain is listed in the "Certificate Subject Alt Names" for domain aliases​
EXPECTED RESULT:
Wildcard certificate being issued for the domain aliases too.​
ANY ADDITIONAL INFORMATION:
No problem when requesting www and non-www certificates: all subjects are correctly listed in the certificate's Alt Names.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
OK, thanks.

Sorry if I asked, but more than a month passed and this bug, which seems to be of trivial solution, severely hampers the usefulness of wildcards certificates (it renders it totally useless to me, actually).

Cheers,

Sergio
 
Hello,

as you suggested I kept an eye on the Let's Encrypt extension changelog and I noticed that a new version was released few days ago and that it contained modifications regarding wildcard certificates.

This particular issue was not cited in the changelog, but I hoped it would had eventually silently fixed, so I proceed with the update, but, helas, that's wasn't the case: the problem still persist.

As you surely understand that's a *BIG* problem: whenever someone is trying to access something like https://www.example.it (example.it being an alias of example.com) they are greeted by an "invalid security certificate" error.

This is making the Let's Encrypt extension useless for aliased domains. I'm wondering what's making this issue so difficult to solve...
 
I've recently updated from Onyx to Obsidian (nice!).

I had a slight hope that this bug would be resolved in Obsidian, but unhappily it is not.

The issue is open since August of the past year and I'm really starting wondering if there is any will from the Plesk part to have this fixed.

I really don't understand... do you realize that this is breaking HTTPS for www.* for every domain alias and that there is no way (that I can see or that you provided advice for) for adding www.* as an alternate subject of domain aliases?

Am I the only one using HTTPS with wildcard certificates and domain aliases? Am I missing something?
 
Back
Top