Forwarded to devs Let'sEncrypt certificate creation fails for subdomain

[savedario]

TITLE:

Let'sEncrypt certificate creation fails for subdomain​

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:

Plesk Onyx 17.8.11 #17, CentOS 7, x86_64​

PROBLEM DESCRIPTION:

When creating a new domain test.example.com and checking the box 'Secure the domain with Let's Encrypt', Plesk assumes that both:
test.example.com
www.test.example.com
need to be covered by the certificate.
The creation fails for obvious reasons.​

STEPS TO REPRODUCE:

- Create a new domain (not a subdomain) like: test.example.com
- check the box to get a Let'sEncrypt certificate
- click OK​

ACTUAL RESULT:

The domain is created, but the certificate request fails.​

EXPECTED RESULT:

When a subdomain is created as a Plesk domain create the certificate only for the subdomain itself.
Perhaps detect a subdomain was requested and by default not include 'www' in the certificate.​

ANY ADDITIONAL INFORMATION:

It is not a major problem, because one can simply select the newly created domain and request a Let'sEncrypt certificate for it, this time NOT checking the box 'Include a "www" subdomain for the domain and each selected alias' that is not available when creating the domain.
It would make sense, to me, to use the same default on both forms and assume one does not want the 'www' subdomain, perhaps only if the domain being created is already a subdomain.

P.S. I am not creating test.example.com as subdomain of example.com because I want them separate (see this question)​

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:

Confirm bug​

 

[IgorG]

When creating a new domain test.example.com and checking the box 'Secure the domain with Let's Encrypt', Plesk assumes that both:
test.example.com
www.test.example.com
need to be covered by the certificate.
The creation fails for obvious reasons.

It works a little bit differently.
When creating a new domain "test.example.com" and checking the "Secure the domain with Let's Encrypt" checkbox, Plesk assumes that all:

test.example.com
www.test.example.com
webmail.test.example.com

need to be covered by the certificate

But if any of the domains:

www.test.example.com
webmail.test.example.com

does not resolve globally:

# dig www.test.example.com +short
# dig webmail.test.example.com +short
#

then only warning about this will appear but nevertheless, a certificate will be issued:

An issue occurred while securing the domain test.example.com:

The certificate has been issued. Some alternative domain names were excluded.

Domains that have not been secured are listed below. Please secure them manually.

www.test.example.com
webmail.test.example.com

Thus, the bug cannot be created because the issue cannot be reproduced.

 

[savedario]

I am confused. If you cannot reproduce the bug, why was this set to "Forward to devs" ?
The main point I was trying to make is:
Since there's no 'www' checkbox, I cannot tell Plesk: "Do only the base domain" like a do when adding the certificate later.
So I get errors (not warnings) because Plesk makes the assumptions you mention and does not inform me.
I will leave it up to you to call this a bug report or a feature request.

 

[savedario]

Just to be sure we are both looking at the same thing, I attach the screendump of the message I get.

 

[IgorG]

So I get errors (not warnings) because Plesk makes the assumptions you mention and does not inform me.

Sorry, but yellow exclamation mark means warning, but not error. And there is written what I wrote above.

If you cannot reproduce the bug, why was this set to "Forward to devs" ?

Because it was not reproduced by developers during their investigation this issue.

 

[savedario]

Thanks for the clarification.