
Issue wildcard SSL/TLS certificate from Let's Encrypt issue - txt has to be updated

fabieng

Basic Pleskian
Hello
I have a problem with wildcard renewals. Plesk is requesting a new TXT record when we try to renew the certificate (or maybe every 2/3 renewals, not sure about it). So this is blocking the automatic renewals at some point. I have to go to the domain, modify the TXT entry, and then re-issue the certificate on Plesk.
How can we bypass it?! This is a real loss of time when we have various domains to manage.
Do we have any trick to avoid that?!
Thx for your lights!
 
Let's Encrypt wildcard certificates require verification through a DNS TXT record. There is no other verification method available if you require a wildcard certificate.

If you manage your DNS externally (and it seems like you do) then this poses a bit of a challenge. Because, as you've discovered, every time a wildcard certificate has to be renewed you'll have to manually update the DNS. However, Plesk adds/updates the required TXT record in the local DNS zone of the domain. So you could consider using Plesk as the authoritative DNS for the domain, or synchronizing the local DNS zone with your external DNS.
 
OK, this is what I was afraid of. I do not want to use Plesk as authoritative DNS, as centralizing too many services on a single point is not safe and consumes resources which should be allocated to web applications.
I did not see that we can sync the local DNS with the external DNS; how can we manage that? The external one remains as primary, and we only "push" the DNS entries from Plesk?
 
It all depends on what options your external DNS provider offers to synchronize. It could be an API or another protocol (such as AXFR transfers).

There are several Plesk Extensions available for seamless integration with major cloud providers, such as AWS Route 53, DigitalOcean DNS and Microsoft Azure DNS. There is also an Extension for DNS providers who support Domain Connect. And the Plesk Slave DNS Manager for synchronizing your own secondary name servers on Linux servers.
 
I wish there were a warning when the wildcard checkbox is checked, saying "think twice because you will have to renew the certificate manually". I actually thought I would have to do it manually anyway. It's good to know I could uncheck it and make it easier, but I wish I had discovered it not here but on the settings panel.
 
I wish there were a warning when the wildcard checkbox is checked, saying "think twice because you will have to renew the certificate manually".
Rather "To renew automatically, Plesk needs to be the authoritative name server" or something.
 
Yes, or something like that. For me it's "wildcard on - go confirm manually every 3 months, wildcard off - fully automatic". Always checked "wildcard" and had no idea it makes so much difference.
 