
Question Wildcard LE-Cert DNS hook/callback

futureweb

Regular Pleskian
Hey there,
within our Infrastructure Plesk isn't in charge of DNS - so currently no Wildcard LE Certs are possible.
Is there somehow the possibility with Plesk LE Certs to call a Custom Script on Wildcard Cert issue / renew? So we could add/modify the needed TXT Entry within our Custom DNS Servers? A simple Hook/Callback with "Domain" & "TXT Entry Value" would be enough ...
Any ideas on that?
thx, bye from Austria
Andreas
 
Only way I can think of at the moment would be over a cronjob that gets the data from the Plesk DB:
Bash:
root@mail ~ # plesk db -sNe "select host, val from dns_recs where host like '_acme-challenge.%'"
_acme-challenge.example.com.   J4TFyug2qiqMJo3xovCozszeQkrm81WpBvJZAgiDy1c
_acme-challenge.example.net.        Ih-kKvQIy-pdv3jGnfnUAYl8Z6lLWwzNbvhQEZpCv2o
_acme-challenge.example.org.     XAWwT4vWl1ZEYV_mXm94x_kOEW-uPg8alB-wlloB6lk
And with this you can pass it to your DNS Server.
However, it works only if the DNS service is enabled on Plesk for the zone (Plesk doesn't need to be one of the DNS servers for the zone).

Also, you can vote for such a feature here:

However, there is still one thing I didn't find any way to avoid: the validation inside SSL It! Extension.
Each time the certificate is renewed, even though the TXT record is added on the external DNS servers, someone has to click on Reload in Domains > example.com > SSL/TLS Certificates to finish the issuing process:
1594992414212.png
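
The cron-job idea from the post above, as an added example that is not part of the original thread: it turns the rows printed by the `plesk db` query into an `nsupdate` batch and validates each row first. It assumes the external DNS server accepts RFC 2136 dynamic updates; the server name `ns1.example.net`, the TTL and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): build an nsupdate batch from the
# two-column "host<TAB>value" rows that the plesk db query prints.

# Constructed sample rows; the tokens are placeholders, not real challenges.
sample_rows() {
    printf '%s\t%s\n' \
        '_acme-challenge.example.com.' '0123456789012345678901234567890123456789abc' \
        '_acme-challenge.example.com.' 'abcdefghijabcdefghijabcdefghijabcdefghij_-Z' \
        '_acme-challenge.example.net.' 'malformed" value with spaces'
}

# $1 = DNS server name (hypothetical), $2 = TTL in seconds; rows on stdin.
rows_to_nsupdate() {
    awk -v server="$1" -v ttl="$2" '
        # Accept only the shape of a dns-01 record: an _acme-challenge name
        # and a 43-character base64url token. Everything else is skipped, so
        # an unexpected DB value cannot add lines to the nsupdate batch.
        NF == 2 && $1 ~ /^_acme-challenge\.[a-z0-9.-]+\.$/ &&
        $2 ~ /^[A-Za-z0-9_-]+$/ && length($2) == 43 {
            # Clear stale tokens once per name; a wildcard plus base-domain
            # order needs two TXT values on the same name at the same time.
            if (!($1 in seen)) {
                batch = batch "update delete " $1 " TXT\n"
                seen[$1] = 1
            }
            batch = batch "update add " $1 " " ttl " TXT \"" $2 "\"\n"
            n++
            next
        }
        { print "skipped row: " $0 > "/dev/stderr" }
        END {
            if (n == 0) exit 1      # nothing valid: emit no batch at all
            printf "server %s\n%ssend\n", server, batch
        }
    '
}

# Demo on the constructed rows. On a Plesk host the input would be the query
# from the post, and the output would be piped to nsupdate with a TSIG key.
sample_rows | rows_to_nsupdate ns1.example.net 60
```

This only covers publishing the TXT records; it does not remove the Reload step in SSL It! described in the post.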
 
Hey @Arashi,
thx for your idea on how to solve this Problem - but unfortunately the manual Ack within SSL It! is a massive Showstopper ... one can't manually Ack hundreds of Domains within our Shared Hosting Servers every other month ... what a pity! :-(
Will Vote for the Feature Request ... But I fear it's taking way too long getting implemented ...
thx
Andreas
 
btw) any other ideas on how to get SSL Cert on Mail-Services for all Plesk Hosted Domains on "mail.dom.tld" without Wildcard Cert?!?
We don't want our Customers to Ack the "dom.tld" Cert when using "mail.dom.tld" as Mail-Server Domain ...
 
...within our Infrastructure Plesk isn't in charge of DNS - so currently no Wildcard LE Certs are possible.
Is there somehow the possibility with Plesk LE Certs to call a Custom Script on Wildcard Cert issue / renew? So we could add/modify the needed TXT Entry within our Custom DNS Servers? A simple Hook/Callback with "Domain" & "TXT Entry Value" would be enough ...
Some content of this thread might help you achieve what you want if you're happy using acme.sh (We are, the OP in the thread is & we both use external DNS)
 