Change dns-01 to http-01 on Plesk?

Hi,
I use PLESK on a Windows2012 server and use LetsEncrypt on various domains which is great.
Currently LetsEncrypt adds the TXT record to the domain DNS, which is fine for the majority of the domains where the DNS is also controlled by Plesk.
However I have a couple of domains where the DNS is controlled elsewhere and it's a pain to get the TXT record updated when it needs renewing.
How can I set up a specific domain to use http-01 (to check the .well-known directory) to validate the certificate instead of the DNS TXT record?
Yours
Stephen D

Welcome @smd

You don't do anything special with Let's Encrypt and the "domain". The kind of challenge is controlled by the ACME Client. In your case Plesk.

I don't know Plesk but you could try posting at the Plesk forum about how to configure it.

There is even a specific forum for very old Plesk versions (Windows2012?)

3 Likes

... and in any case, if you ask for a wildcard certificate there is no alternative to the dns-01 challenge.

2 Likes

Another option is to use CNAME records and possibly acme-dns.

  1. Just like it follows redirects with the HTTP-01 verification, LetsEncrypt will let you CNAME the acme-challenge record for a DNS-01 verification onto another domain/subdomain and it will follow that link during verification. This strategy can potentially let you set up a CNAME once on a "third party" DNS host, and manage the actual challenge on DNS controlled by Plesk. I stress potentially, because I'm not familiar with the capabilities of Plesk's client.

  2. The best option, IMHO, is to have ALL domains CNAME onto a single authorization subdomain namespace that is managed by acme-dns (GitHub, joohoi/acme-dns: "Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely"). While the DNS records managed by Plesk won't necessarily need that service, transitioning all the domains to a single system will streamline management and troubleshooting. There is more information on this technique here: "A Technical Deep Dive: Securing the Automation of ACME DNS Challenge Validation" (Electronic Frontier Foundation).

1 Like
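The CNAME delegation described in the reply above, sketched as an added example (not code from this thread, Plesk or acme-dns): it follows the `_acme-challenge` CNAME chain to find where the TXT record has to be published, checks that the chain ends in the zone the ACME client is allowed to update, and computes the DNS-01 TXT value as defined in RFC 8555. The zone `auth.example.net`, the record set and the function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample records: two externally hosted domains delegate their
# challenge names into one zone (auth.example.net) that the ACME client controls.
RECORDS = {
    ("_acme-challenge.example.com.", "CNAME"): "example-com.auth.example.net.",
    ("_acme-challenge.www.example.org.", "CNAME"): "alias.example.org.",
    ("alias.example.org.", "CNAME"): "example-org.auth.example.net.",
}

def challenge_name(domain):
    """DNS-01 validation name for a domain (RFC 8555 section 8.4)."""
    d = domain.lower().rstrip(".")
    if d.startswith("*."):
        d = d[2:]  # a wildcard is validated at its base name
    return "_acme-challenge." + d + "."

def txt_target(domain, records, max_hops=8):
    """Follow CNAMEs from the validation name; return the name that must hold the TXT."""
    name = challenge_name(domain)
    seen = set()
    while (name, "CNAME") in records:
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = records[(name, "CNAME")].lower()
    return name

def delegation_ok(domain, records, allowed_zone):
    """True only if the chain ends inside the zone the ACME client may update."""
    suffix = "." + allowed_zone.lower().rstrip(".") + "."
    return txt_target(domain, records).endswith(suffix)

def txt_value(token, account_thumbprint):
    """TXT content: unpadded base64url(SHA-256(token + '.' + thumbprint))."""
    key_auth = (token + "." + account_thumbprint).encode("ascii")
    digest = hashlib.sha256(key_auth).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

if __name__ == "__main__":
    for dom in ("example.com", "www.example.org", "undelegated.example"):
        print(dom, "->", txt_target(dom, RECORDS),
              "ok" if delegation_ok(dom, RECORDS, "auth.example.net") else "NOT delegated")
```

A domain without the CNAME resolves to its own `_acme-challenge` name, which is the case where the TXT record still has to be edited at the external DNS host on every renewal.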

Thanks guys for your help.
I don't need it to be wildcard as the domains involved don't have any subdomains.
I'll chase down the Plesk forums and see what I can find there.

1 Like
