How protect 2 subdomains with 1 certificate Olesk Onyx


Please fill out the fields below so we can help you better.

My domain

I ran this command:

It produced this output:

My web server is (include version):Apache 2.4 ¨Nginx

The operating system my web server runs on is (include version):Centos

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Plesk Onyx

I use Letsencrypt for my domain The certificate also protect the www sub. But we use another one for the mail. How can we protect that sub also with the same certificate


That depends…
Do all three names go to the same system?

They return different IPs:
Addresses: 2400:cb00:2048:1::6818:7bc3
Addresses: 2400:cb00:2048:1::6818:7ac3

The first two seem to be on CloudFlare and provide IPv6 addresses (which may introduce some complexity)


An LE cert was issued 5 days ago covering:

Did that not solve this problem?



Ipv6 is not used. The third subis and goes to the same IP and is not protected by cloudflare because them mail will not work. It only use the cloudflare dns



No it does not cover



So, if all three names go to the same system, then it should be straight forward (as if CloudFlare wasn’t even there).

Plesk Onyx

Does the mail system already have a cert?


The mail server is protected by cert. But because I must use as in and outgoing server I always get the Should you use this cert question



Well you managed to get 3 names on the existing cert:

Why can’t you just add a 4th name?


Probably that the PLESK api for Letsencrypt let me add a domain name and a www sub. Then you can set which cert that should protect the mail server. But it only protect the mailserver as not as I cant use because it is proxied by cloudflare and will not work as mailserver setting.

The solution seems to be to either stop using cloudflare or stop using Letsencrypt and buy a wildcard cert instead



If you can solve it with a wildcard cert, then you should be able to solve it with a 4 named (SAN) cert.
Can’t you just add all the names?


I have no clue how to do it even if I am aware of SAN



You managed to do 3 SANs on one cert.

Just add one more name to that list in your procedure.


I think we stop this discussion, because as I said the API do that it self

I will use a wildcard cert to sol the problem.



Maybe someone else will read this thread and have more input.
US eastern time zone will be daylight soon.
Please understand that I don’t work for Let’s Encrypt nor for Plesk.
I’m just a community member…
Trying to help out.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.