Issue Plesk Obsidian – Let’s Encrypt certificate does not include domain aliases in SAN

[kicoes]

Server operating system version

Ubuntu 22.04.5 LTS

Plesk version and microupdate number

Plesk Obsidian Web Host Edition 18.0.74 Update #3

Hello,


I’m experiencing an issue in Plesk Obsidian Web Host Edition 18.0.74 Update #3 where domain aliases are not being included in the Let’s Encrypt certificate for the main domain.

Setup:

• One main domain with hosting and valid Let’s Encrypt certificate.
• Several domains configured as Domain Aliases pointing to that main domain.
• DNS is correctly pointing to the server and HTTP works for all aliases.

Problem:
When issuing or reinstalling the Let’s Encrypt certificate, the wizard only includes the main domain (and www), and the aliases are not listed or added to the certificate SAN. As a result, accessing an alias over HTTPS serves the default server certificate and causes a certificate name mismatch.


I have already tried:

• Reissuing the certificate.
• Unassigning and reinstalling the certificate.
• Recreating aliases.
• Confirming DNS resolution is correct.

Has anyone encountered this in recent Plesk versions or found a reliable way to force aliases to be included in the certificate?

Any help or guidance would be appreciated.

 

[Kaspar]

Just to be sure, the aliases of the domain aren't listed when issuing an LE certificate, like in the example image below?

 

[kicoes]

Sure, they don’t appear. On other Plesk servers I have, they do show up, but not on this one :S

 

[Kaspar]

I am not sure what would cause this issue. There might be some errors/warning logged in the panel.log file. What you could try is to uninstall both the SSLit! and Let's encrypt extensions and re-installed them again. Beware that this will also delete any domain certificate configuration (but will not delete the certificates themselves).

 

[kicoes]

I was keeping the option of removing and reinstalling as a last resort, since I have hundreds of domains on that machine and the thought of having to reconfigure all of them is quite discouraging. And I’m not sure it will work.






there are no Lets Encrypt logs in panel.log place

 

[Kaspar]

The panel.log is located at /var/log/plesk/ (see the link in my previous post).

I understand your reluctance to re-install the extensions. Unfortunately I don't have any other suggestions on how to solve and diagnose the issue your having. From experience I know that the SSLit! extension can, in some rare cases, behave in mysterious ways. Re-installing it has helped me in the solved some strange issues I faced.

Perhaps @Sebahat.hadzhi knows if there are any similar issues known?

 

[Sebahat.hadzhi]

Hi, @kicoes . Is "Web service" (Plesk > Domains > aliasdomain.com) enabled for the alias domain(s)? If yes, please try repairing the Plesk database:

plesk repair db

There could be some inconsistency causing the issue.