• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Use LetsEncrypt extension to secure www subdomain only

M

Mike99

Basic Pleskian
Hi, I have a domain, where only www.example.com is hosted on latest Plesk. Root A DNS is pointed elsewhere. When I try to secure www.example.com with LetsEncrypt, I get error message:

Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
===
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/....
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: unknownHost :: No valid IP addresses found for example.com

Naturally, it tries to secure example.com too.

Can I override this and instruct LetsEncrypt to secure www only?
 
You need to add the A record to domain DNS pointing to your IP address. Then choose in domain > Hosting Settings > Preferred domain with www. You can not issue a certificate for www subdomain only.
 
Thanks, that is what I needed to know. Unfortunately I am not able to point root A record to my IP. Only DNS A record for "www" points to my IP, client has some technical compatibility reasons with mail, it must stay this way for some time, so I think the only option is to buy a certificate for www only or use Letsencrypt manually?
 
Hello Mike99, as workarounds, I'd suggest the following:
- either changing the Domain name in Hosting settings from example.com to www.example.com (then don't select 'Include the "www" subdomain' - just issue a certificate for the domain name). In that case, the certificate should be renewed automatically, but there'll be unusual records in Plesk, like www.www.example.com and other side-effects are possible.
- or issuing the certificate via CLI using the command like below. However, such certificate won't be updated automatically.
plesk bin extension --exec letsencrypt cli.php -d www.example.com -m [email protected]

For sure, those are temporary solutions. It's recommended to have the domain name as example.com and both A record (example.com and www.example.com) pointing to the server IP.
 
You must log in or register to reply here.

Similar threads

T
Issue SSL certificate renewal under cloudflare
Replies
0
Views
193
theplaza
T
J
Issue Let's encrypt for Plesk cannot be renewed status 500
Replies
1
Views
453
Sebahat.hadzhi
Sebahat.hadzhi
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
526
Leta
L
M
Issue Wordpress MU alias domains with Let's Encrypt - hit the error: Order cannot contain more than 100 DNS names
Replies
1
Views
173
Kaspar
K
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
2K
Daiv
D
Back
Top