Applying for Let's Encrypt Wildcard SSL in Plesk

Hi There,

My domain is:
My web server is (include version): Lightsail running Plesk
The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian v18.0.20_build1800200114.18
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot v0.27.0

I have a question, but let me explain my scenario first.

I have a Wordpress multisite in a VPS, the Domain is

  1. In the current apache, I have a wildcard SSL certificate protecting ALL websites under *
  2. there are 2 types of subdomains in my site. a) subdomains that point to the site within Wordpress multisite, and b) subdomains point to a subdirectory under httpdocs/something/
  3. I want to move this site to AWS Lightsail with Plesk

My Questions:

  1. How to apply for Let’s Encrypt wildcard SSL certificate in Lightsail (Plesk) before I change the DNS to point my domain to the new IP? The reason of this is because the site should run from the current server until the last minute when I move it to Lightsail (minimize downtime)
  2. In a Lightsail instance with LAMP, I can apply the Let’s Encrypt certificate before I change the DNS by following this guide: Can I do the same in Lightsail instance with Plesk?
  3. This is related to no 3 above: If I create subdomains under “Websites & Domain” in Plesk, do I need to apply SSL for each and every of the subdomains, of is there any way to make the SSL wildcard cert to be valid for all *

Thanks for your time, I hope you can help me.

Have a nice day.


1 Like

A1: There is only one way to obtain a wildcard cert - DNS authentication.
Which doesn’t require any IP to point to any name.
[and you could always copy the existing wildcard cert from one system to another]

A2: Sorry, IDK how to spell plesk.

A3: It depends on how much is added to the FQDN.
If it is just:
You will be OK with the current wildcard.
If it is more, like:
Then you will need to get new/additional certs for such names; as they include another “dot” to the left of the base wildcard name - a real subdomain of that base name will not be covered.

1 Like

Hi rg305,

Thanks for your reply, I really appreciate your help.

Btw, could you point me to any guide on how to obtain a wildcard cert using DNS authentication if I am running Plesk?

And for A3, it would be just 1 level below FQDN, like,, eytc.

In my scenario, for example, there are 4 Sites under “Website & Domains”.

  1. --> Main site, in httdocs/ (I put the wildcard certificate here)
  2. --> a site within Wordpress multisite, poiint to httdocs/
  3. --> a site within Wordpress multisite, poiint to httdocs/
  4. --> a standalone site in httdocs/site3/

So can I just add the SSL certificate in Domain “”, and the rest will use that certificate even if I don’t put it in their SSL configuration?



1 Like

I don’t know anything about plesk, so I won’t be able to direct you with anything on that.

One thing to keep in mind: The wildcard cert doesn’t automatically contain the base domain.
So you will need to be sure to include in the cert request.
Each cert can hold up to 100 entries.
A typical wildcard cert would have two entries: & *

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.