Applying for Let's Encrypt Wildcard SSL in Plesk

Hi There,

My domain is: catholic.sg
My web server is (include version): Lightsail running Plesk
The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian v18.0.20_build1800200114.18
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot v0.27.0

I have a question, but let me explain my scenario first.

I have a Wordpress multisite in a VPS, the Domain is catholic.sg

  1. In the current apache, I have a wildcard SSL certificate protecting ALL websites under *.catholic.sg
  2. There are 2 types of subdomains in my site: a) subdomains that point to the site within Wordpress multisite, and b) subdomains that point to a subdirectory under httpdocs/something/
  3. I want to move this site to AWS Lightsail with Plesk

My Questions:

  1. How do I apply for a Let’s Encrypt wildcard SSL certificate in Lightsail (Plesk) before I change the DNS to point my domain to the new IP? The reason for this is that the site should run from the current server until the last minute when I move it to Lightsail (minimize downtime)
  2. In a Lightsail instance with LAMP, I can apply the Let’s Encrypt certificate before I change the DNS by following this guide: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-lamp. Can I do the same in Lightsail instance with Plesk?
  3. This is related to no 3 above: If I create subdomains under “Websites & Domain” in Plesk, do I need to apply SSL for each and every one of the subdomains, or is there any way to make the SSL wildcard cert valid for all *.catholic.sg?

Thanks for your time, I hope you can help me.

Have a nice day.

Sinarta


A1: There is only one way to obtain a wildcard cert - DNS authentication.
Which doesn’t require any IP to point to any name.
[and you could always copy the existing wildcard cert from one system to another]

A2: Sorry, IDK how to spell plesk.

A3: It depends on how much is added to the FQDN.
If it is just: somename.catholic.sg
You will be OK with the current wildcard.
If it is more, like: www.somename.catholic.sg
Then you will need to get new/additional certs for such names; as they include another “dot” to the left of the base wildcard name - a real subdomain of that base name will not be covered.


Hi rg305,

Thanks for your reply, I really appreciate your help.

Btw, could you point me to any guide on how to obtain a wildcard cert using DNS authentication if I am running Plesk?

And for A3, it would be just 1 level below FQDN, like site1.catholic.sg, site2.catholic.sg, etc.

In my scenario, for example, there are 4 Sites under “Website & Domains”.

  1. catholic.sg --> Main site, in httpdocs/ (I put the wildcard certificate here)
  2. site1.catholic.sg --> a site within Wordpress multisite, point to httpdocs/
  3. site2.catholic.sg --> a site within Wordpress multisite, point to httpdocs/
  4. site3.catholic.sg --> a standalone site in httpdocs/site3/

So can I just add the SSL certificate in Domain “Catholic.sg”, and the rest will use that certificate even if I don’t put it in their SSL configuration?

Thanks,

Sinarta.


I don’t know anything about plesk, so I won’t be able to direct you with anything on that.

One thing to keep in mind: The wildcard cert doesn’t automatically contain the base domain.
So you will need to be sure to include catholic.sg in the cert request.
Each cert can hold up to 100 entries.
A typical wildcard cert would have two entries:
domain.name & *.domain.name

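The coverage rules from the replies above (a wildcard matches exactly one label to the left, and does not include the base domain) can be checked against a planned site list before requesting the certificate. This is an added example, not part of any post in the thread; the function names and the site list are constructed, and listing uncovered names as extra entries on the same certificate is an assumption of the example.

```python
"""Which names must a certificate request list so every site is covered?"""

MAX_NAMES_PER_CERT = 100  # per-certificate entry limit quoted in the thread


def _labels(name):
    # Normalise: trim, drop a trailing root dot, lowercase, split on dots.
    return name.strip().rstrip(".").lower().split(".")


def covers(san, hostname):
    """True if one certificate entry (exact or wildcard) matches hostname."""
    san_l, host_l = _labels(san), _labels(hostname)
    if san_l[0] != "*":
        return san_l == host_l
    # "*" stands for exactly one non-empty leftmost label: never zero, never two.
    return (len(host_l) == len(san_l) and host_l[0] != ""
            and host_l[1:] == san_l[1:])


def plan_sans(base, hostnames):
    """Return (names to request, hostnames the base + wildcard pair misses)."""
    sans = [base.lower(), "*." + base.lower()]
    extra = []
    for host in hostnames:
        if not any(covers(s, host) for s in sans):
            extra.append(".".join(_labels(host)))
            sans.append(extra[-1])  # assumption: add as an extra entry
    if len(sans) > MAX_NAMES_PER_CERT:
        raise ValueError("over %d names: split across certificates"
                         % MAX_NAMES_PER_CERT)
    return sans, extra


# Constructed site list modelled on the names used in the thread.
SITES = ["catholic.sg", "site1.catholic.sg", "site2.catholic.sg",
         "site3.catholic.sg", "www.somename.catholic.sg"]

if __name__ == "__main__":
    names, uncovered = plan_sans("catholic.sg", SITES)
    print("request:", ", ".join(names))
    print("not covered by the wildcard pair:", uncovered or "none")
```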