• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue wildcard SSL/TLS certificate from Let's Encrypt issue - txt has to be updated

F

fabieng

Basic Pleskian
Hello
I have a problem with wildcard renewals. Plesk is requesting new TXT record when we try to renew the certificate (or maybe to each 2/3 renewals, not sure about it). So this is blocking at some point the automatic renewals. I have to go on domain, modify the txt entry, and then re issue on plesk the certificate.
how can we bypass it ?! this is a real loss of time when we have various domains to manage.
Do we have any trick to avoid that ?!
thx for your lights !
 
Let’s Encrypt wildcard certificates require verification trough a DNS TXT record. There is no other verification methode available if you require a wildcard certificate.

If you manage your DNS externally (and it seems like you do) than this posses a bit of a challenge. Because, as you've discovered, every time a wildcard certificate has to be renewed you'll have to manually update the DNS. However, Plesk adds/updates the required TXT record to the local DNS zone of the domain. So you could consider using Plesk as the authoritative DNS for the domain. Or synchronizing the local DNS zone with your external DNS.
 
ok this is what I was afraid. I do not want to use plesk as authoritative DNS as centralizing to many services on a single point is not safe and consuming ressources which should be allowed to web applications.
I did not see that we can sync local dns with external DNS, how can we manage that ? external remains as primary, and we only "push" from plesk the dns entries ?
 
It all depends on what options your external DNS provider offers to synchronize. Could be an API or other protocol (such as AXFR transfers).

There are several Plesk Extensions available for seamless integration with major Cloud providers. Such as AWS Route 53, DigitalOcean DNS and Microsoft Azure DNS. There is also an Extensions for DNS providers who support Domain Connect. And the Plesk Slave DNS Manager for synchronizing your own secondary name servers on Linux servers.
 
I wish there were a warning when the wildcard checkbox is checked, saying "think twice because you will have to renew the certificate manually". I actually thought I will have to do it manually anyway. It's good to know I could uncheck it and make it easier but I wish I discovered it not here but on the settings panel.
 
nkomarov said:
I wish there were a warning when the wildcard checkbox is checked, saying "think twice because you will have to renew the certificate manually".
Click to expand...
rather "To renew automatically, Plesk needs to be the authoritative name server" or something
 
Yes, or something like that. For me it's "wildcard on - go confirm manually every 3 months, wildcard off - fully automatic". Always checked "wildcard" and had no idea it makes so much difference.
 
You must log in or register to reply here.

Similar threads

M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
504
MacGyver
M
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
D
Question Renewing Let's encrypt automatically
Replies
6
Views
2K
iainh
I
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
537
Polli
Polli
W
Question SSL Cert for Mail-Server
Replies
1
Views
589
Kaspar
K
Back
Top