• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question Use LetsEncrypt extension to secure www subdomain only

M

Mike99

Basic Pleskian
Hi, I have a domain, where only www.example.com is hosted on latest Plesk. Root A DNS is pointed elsewhere. When I try to secure www.example.com with LetsEncrypt, I get error message:

Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
===
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/....
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: unknownHost :: No valid IP addresses found for example.com

Naturally, it tries to secure example.com too.

Can I override this and instruct LetsEncrypt to secure www only?
 
You need to add the A record to domain DNS pointing to your IP address. Then choose in domain > Hosting Settings > Preferred domain with www. You can not issue a certificate for www subdomain only.
 
Thanks, that is what I needed to know. Unfortunately I am not able to point root A record to my IP. Only DNS A record for "www" points to my IP, client has some technical compatibility reasons with mail, it must stay this way for some time, so I think the only option is to buy a certificate for www only or use Letsencrypt manually?
 
Hello Mike99, as workarounds, I'd suggest the following:
- either changing the Domain name in Hosting settings from example.com to www.example.com (then don't select 'Include the "www" subdomain' - just issue a certificate for the domain name). In that case, the certificate should be renewed automatically, but there'll be unusual records in Plesk, like www.www.example.com and other side-effects are possible.
- or issuing the certificate via CLI using the command like below. However, such certificate won't be updated automatically.
plesk bin extension --exec letsencrypt cli.php -d www.example.com -m [email protected]

For sure, those are temporary solutions. It's recommended to have the domain name as example.com and both A record (example.com and www.example.com) pointing to the server IP.
 
You must log in or register to reply here.

Similar threads

B
Issue Unable to issue a Let's Encrypt certificate for domain with forwarding hosting type: nginx is not installed or is disabled on the Plesk server
Replies
1
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
A
Issue Can't reissue LE certificate
Replies
1
Views
770
Martin Dias
Martin Dias
R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
2K
Robin McDermott
R
S
Question Secure the plesk with SSL fails
Replies
9
Views
1K
Shorty
S
kristobal1969
Issue Plesk 18.0.70 and Could not issue/renew Let's Encrypt certificates
Replies
8
Views
1K
Adrian_13
A
Back
Top