How can I manually submit a CSR for a wildcard SSL?

I have created a CSR from a form in Plesk. But I don't believe my host provider provides support for automating the process. ZeroSSL charges 50 dollars a month for wild card domains. And my provider charges like $71 for a package of 5 domains. I have read Let's Encrypt is free. So I am trying to figure out how to manually submit my CSR generated from plesk, get the components and upload the components into my SSL Repo and use it on my subdomains.

My domain is: "" is my main domain. I am trying to create a wild card SSL for "*"

I ran this command: I am on a shared server so I was not able to run a command. But I was able to go to SSL/TLS Certificates for the website of one of my subdomains in Plesk and click Add TLS/SSL Certificate. From there I can click Request for a form where I plugged in the wild card domain. Now the request is in the TLS/SSL Repository. And I can copy the autogenerated CSR between the comments: -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----.
Just don't know how to submit it (manually) to Let's Encrypt.

It produced this output: N/A

My web server is (include version): I am not sure. I have ulitmate Shared Hosting from GoDaddy. It's Windows so that I could host both ASP.Net and WordPress sites.

The operating system my web server runs on is (include version): Windows. Do not know the version.

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): I don't think so. Only FTP access and Plesk.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk (not sure of version)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I think I have to do this process manually.

1 Like

Short answer: you can't, at least not directly. Let's Encrypt doesn't directly support this usage method.

Longer answer: Though Let's Encrypt doesn't directly support this, some third-party services do, and act as a sort of middleman to make the proper request to Let's Encrypt. Suggest this one:

But you'll need to redo this every 60-80 days, as the certs are only valid for 90 days. A better way to go would be to use a less user-hostile web host that handles this stuff for you.


@griffin Perhaps a CertSage candidate?


I'll check it out. Thanks.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Unless you specifically need a wildcard certificate, you would probably greatly benefit from using CertSage, an ACME client I authored myself specially for GoDaddy panel users. You can likely have your certificate within minutes without using a command line at all.

1 Like

I need a wild card SSL as stated in the title and text of the post.

1 Like

My host, GoDaddy, unfortunately does not support this, ACME. Not on the package I am on. They are recommending an upgrade where I get unlimited SSLs. This should not be this difficult. Very frustrated with my provider.

1 Like

Might I ask why, specifically, you need a wildcard certificate? I used to use wildcard certificates, but I've found that they're almost always unnecessary. Having about 30 GoDaddy cPanel shared hosting accounts myself, I can assure you that it's possible use ACME Let's Encrypt certificates with GoDaddy shared hosting.

1 Like

I am not on cPanel :wink:

1 Like

Does your hosting support PHP? If so, problem solved.

1 Like

Do you have a way to install a certificate with Plesk once you have the certificate?

Like this, perhaps?

1 Like

Yes, I just need a way to generate a public key from the private key I already have from submitting the request. I'll probably just upgrade with GoDaddy from this Ultimate Windows hosting with 1 SSL to MAX cPanel with unlimited SSLs. I was just trying to keep it simple while I'm just getting into WordPress. I thought I could host my ASP stuff as well on the Ultimate Windows plan. I guess I'll have to keep that stuff in Azure. I'll have to get into openSSL if I want to generate the public key. But probably not worth it.

This is what I am trying to fill out:

I just need to generate the public key somehow.

1 Like

You can use that site, which is what I modeled CertSage on, but it's extremely laborious. One mistake and you need to basically start over. I've used that site to acquire about 20 certificates. Even knowing exactly what you're doing, you will spend 20 minutes minimum of typing, copying, and pasting. Again, do you absolutely need a wildcard certificate? Acquiring and maintaining one is costly in terms of time, money, or both. Having helped literally thousands of people in this community setup and/or fix SSL for their websites, I've only seen a very small number of use cases for a wildcard certificate.

The most important thing to know when using is that the account private key and certificate private key must be different. You can easily use OpenSSL to extract a public key from a private key.

I'm not trying to sell you anything, so you know. CertSage is absolutely free to use and entirely supported by donations. I just don't want to see you struggle horribly to get a certificate when I can show you how much of a cake walk it is to do so.

1 Like

Thanks Griffen,

Well maybe I don't need a wildcard domain.
I guess I could just buy (or get for free) a new SSL for each subdomain in ZeroSSL or SSL for Free (these seem to be the same thing when I try to run through them).

Is there a URL for CertSage? I can check that out too.
I'm really just using the GoDaddy environment for a sandbox at this point to learn WordPress.
But I still want to be able to host my stuff as soon as possible.

1 Like

CertSage is just a single PHP file that you drop into the webroot folder of your website (for example: /public_html). You navigate to that PHP file using your web browser then enter:

  • an email address where to receive Let's Encrypt certificate expiration notices
  • your domain name
  • any subdomain names for that domain name (for example: www)

CertSage will create its data folder (where your generated private key and certificate will be stored upon success) one level above your webroot folder (for example: /CertSage). The thing to know here is that the domain name and subdomain names all must point to the same webroot folder. CertSage will technically work with any hosting (with a couple of tweaks to a couple of constants at the top of its code).

CertSage is currently by invitation only. It will be fully released to the public soon. I just want to finish a couple of other bonus features before full release. I'll send you the Gamma Test instructions if you're interested.

1 Like

Are your subdomains dynamically generated then? Because if not, why not get a single certificate with all subdomains? A LE cert can contain 100 hostnames, so if you'd include the apex domain too, it can contain 99 subdomains.

1 Like

I don't think people are reading this post before they reply.

1 Like

We've thoroughly read all of your posts. We just don't understand what exactly you're trying to accomplish. Each person here who has responded to you has helped many hundreds of people acquire certificates, so please understand that we're all trying to make this as easy as possible for you and prevent you from making terrible mistakes that will end up costing you.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.