You can request wildcard SSL/TLS certificates using the Let’s Encrypt extension version 2.6.0 and later. A single wildcard certificate can be used to secure a main domain together with any number of subdomains, which is useful if you have many subdomains.
Let’s Encrypt uses the ACMEv2 protocol to issue wildcard SSL/TLS certificates, while the Let’s Encrypt extension, by default, uses ACMEv1, which is more stable. To request wildcard SSL/TLS certificates via the Let’s Encrypt extension, first you need to configure it to support ACMEv2.
To configure the Let’s Encrypt extension to support ACMEv2:
[ext-letsencrypt]
acme-directory-url = "https://acme-v02.api.letsencrypt.org/directory"
acme-protocol-version = "acme-v02"
Now the Let’s Encrypt extension supports the ACMEv2 protocol. You and your customers can now request wildcard SSL/TLS certificates.
To issue a wildcard SSL/TLS certificate:
Note: If Plesk does not manage the DNS for the domain, the Let’s Encrypt extension cannot add the DNS record automatically. In this case, you will see the following message: “Please add a DNS record with the following parameters”. Add a DNS record with the specified parameters manually. If you are unsure how to do it, ask your DNS hosting provider for assistance.
dig -t txt _acme-challenge.<your_domain_name> +short
If the output matches the record shown by the Let’s Encrypt extension, you can go to the next step.
Enter the domain name shown in the Let’s Encrypt extension message (_acme-challenge.example.com in the example above), and then click TXT Lookup. If the TXT record is found and it matches the one shown by the Let’s Encrypt extension, you can go to the next step.
Note: If the dig -t txt command or the DNS check service does not show the TXT record, you need to make sure that the domain's NS records exist and point to the Plesk server. To do so in MxToolbox, select and click DNS Check. If no NS records are found or if they do not point to the Plesk server, you need to correct your DNS settings. If Plesk does not manage the DNS for the domain and you are unsure how to do it, ask your DNS hosting provider for assistance.
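The TXT check described above, scripted as an added example (not part of the Plesk documentation or the extension's code): it strips the quoting that dig adds and requires an exact match against the value from the extension message. The function names and the optional resolver argument are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Plesk code. Compares `dig +short` TXT output with the
# value shown in the Let's Encrypt extension message.

# dig prints one TXT record per line, wrapped in double quotes, and splits
# long records into several quoted chunks ("abc" "def"). Undo both.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_matches EXPECTED   (reads `dig +short` output on stdin)
# Exit status: 0 = a record equals EXPECTED exactly
#              1 = TXT records exist, but none equals EXPECTED (stale or mistyped)
#              2 = no TXT record returned at all (check the NS records)
txt_matches() {
    expected=$1
    records=$(normalize_txt)
    [ -n "$records" ] || return 2
    # -F: literal string, -x: whole line. A name can hold several TXT
    # records, so any one exact match is enough.
    printf '%s\n' "$records" | grep -Fxq -- "$expected"
}

# check_challenge DOMAIN EXPECTED [RESOLVER]
# Live lookup; RESOLVER (optional) is the DNS server to ask, for example the
# domain's authoritative nameserver, to rule out stale caches.
check_challenge() {
    domain=$1
    expected=$2
    resolver=${3:-}
    dig -t txt "_acme-challenge.${domain}" +short ${resolver:+"@$resolver"} |
        txt_matches "$expected"
}

# Usage (placeholders, not real values):
#   check_challenge example.com '<value from the extension message>' && echo "TXT record OK"
```

Exit status 2 corresponds to the case in the note above, where no TXT record is returned and the NS records need checking.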
Your wildcard SSL/TLS certificate is now issued and installed. The certificate automatically secures the following objects:
The following objects are not secured by default:
You can secure them manually: