• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Use LetsEncrypt extension to secure www subdomain only

M

Mike99

Basic Pleskian
Hi, I have a domain, where only www.example.com is hosted on latest Plesk. Root A DNS is pointed elsewhere. When I try to secure www.example.com with LetsEncrypt, I get error message:

Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
===
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/....
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: unknownHost :: No valid IP addresses found for example.com

Naturally, it tries to secure example.com too.

Can I override this and instruct LetsEncrypt to secure www only?
 
You need to add the A record to domain DNS pointing to your IP address. Then choose in domain > Hosting Settings > Preferred domain with www. You can not issue a certificate for www subdomain only.
 
Thanks, that is what I needed to know. Unfortunately I am not able to point root A record to my IP. Only DNS A record for "www" points to my IP, client has some technical compatibility reasons with mail, it must stay this way for some time, so I think the only option is to buy a certificate for www only or use Letsencrypt manually?
 
Hello Mike99, as workarounds, I'd suggest the following:
- either changing the Domain name in Hosting settings from example.com to www.example.com (then don't select 'Include the "www" subdomain' - just issue a certificate for the domain name). In that case, the certificate should be renewed automatically, but there'll be unusual records in Plesk, like www.www.example.com and other side-effects are possible.
- or issuing the certificate via CLI using the command like below. However, such certificate won't be updated automatically.
plesk bin extension --exec letsencrypt cli.php -d www.example.com -m [email protected]

For sure, those are temporary solutions. It's recommended to have the domain name as example.com and both A record (example.com and www.example.com) pointing to the server IP.
 
You must log in or register to reply here.

Similar threads

D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
341
Daiv
D
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
2K
Peter Debik
P
W
Issue Trying in issue SSL for domain name
Replies
1
Views
612
Peter Debik
P
M
Issue plesk server certificate does NOT include an ID which matches the server name
Replies
9
Views
2K
learning_curve
learning_curve
D
Issue Automatic renewal via SSLit doesn't work for wildcard certificates
Replies
0
Views
488
D3nnis3n
D
Back
Top