Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: tac.email
I ran this command: install script through plesk
It produced this output: Started issuing a wildcard SSL/TLS certificate from Let's Encrypt for the domain tac.email.
Please wait while Plesk finishes adding a DNS record with the following parameters:
Record type: TXT
Domain name: _acme-challenge.tac.email
Record: 3DzlkkU4sfke3TfRnz19C4BPH0wYuiphJBPGCnsyS4A
To terminate and delete the existing certificate request, click "Cancel".
my question is why do I keep getting certificate not valid when I visit the domain, and about the wild card, i don't know, I am new to this, all I did was install it through the plesk control panel and the error above is what I get when trying to install, that's my problem
[2023-04-18 20:26:10.238] 102274:643efce2396dc ERR [extension/letsencrypt] The execution of cli.php has failed with the following message: [2023-04-18 20:26:10.198] 102279:643efce15fc9d ERR [extension/letsencrypt] Domain validation failed for www.tac.email: Failed to retrieve authorization for 'www.tac.email' [2023-04-18 20:26:10.205] 102279:643efce15fc9d ERR [extension/letsencrypt] Domain validation failed: Failed to retrieve authorization for 'www.tac.email' Failed to retrieve authorization for 'www.tac.email' The execution of cli.php has failed with the following message: [2023-04-18 20:26:10.198] 102279:643efce15fc9d ERR [extension/letsencrypt] Domain validation failed for www.tac.email: Failed to retrieve authorization for 'www.tac.email' [2023-04-18 20:26:10.205] 102279:643efce15fc9d ERR [extension/letsencrypt] Domain validation failed: Failed to retrieve authorization for 'www.tac.email' Failed to retrieve authorization for 'www.tac.email'
Because your server is not serving a issued certificate; this certificate is self signed.
Please configure your server to use the issue certificate and restart the server or the service.
$ openssl s_client -showcerts -servername tac.email -connect tac.email:443 < /dev/null
CONNECTED(00000003)
depth=0 C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
verify error:num=18:self-signed certificate
verify return:1
depth=0 C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
verify return:1
---
Certificate chain
0 s:C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
i:C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Apr 17 04:49:21 2023 GMT; NotAfter: Apr 16 04:49:21 2024 GMT
-----BEGIN CERTIFICATE-----
MIIDejCCAmKgAwIBAgIEZDzP0TANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJD
SDEVMBMGA1UEBwwMU2NoYWZmaGF1c2VuMQ4wDAYDVQQKDAVQbGVzazEOMAwGA1UE
AwwFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMB4XDTIzMDQx
NzA0NDkyMVoXDTI0MDQxNjA0NDkyMVowYzELMAkGA1UEBhMCQ0gxFTATBgNVBAcM
DFNjaGFmZmhhdXNlbjEOMAwGA1UECgwFUGxlc2sxDjAMBgNVBAMMBVBsZXNrMR0w
GwYJKoZIhvcNAQkBFg5pbmZvQHBsZXNrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKAZSKvIJxJc74GukJiM2jTVPOBNtqlc8Vu+oCn2kA/40K/C
3BQlVxAaKNCQB+aL8FDplKfQicCuwa5AWW8WWuvnfWVDPqC0H/D0dKNSreNhox94
iMIL22mLh1Bom+c1c82WcuWV72BksVjILsKuT1512uJ5G8wodZFNbwHH1N1Ns743
8rEkyJZGzRxMEtdLX41pIspDGoxIZh89T6lAAYRH+9UJ/QE9BKlNKenIr2p/0CRh
xwLSegsBN/QHmDlyAd7eYg4X/kcHnvjr2zk6yxVIqP4arcXMDnSZ8WEtX0F51v1X
yD4BzIrShhCZoi6JmsQgPw0BST6h7tj06Uzyh3UCAwEAAaM2MDQwEwYDVR0lBAww
CgYIKwYBBQUHAwEwHQYDVR0OBBYEFDYuSUjPq0OBH/hAw8XqMbXY6UdPMA0GCSqG
SIb3DQEBCwUAA4IBAQAMoD7gnFHEkp9Pa1RtKowxJXmsDwbe8BOpav3Z8v53wiWZ
dDmAwr5jd1+mhtT8PR4DHEis/mLGlDN5IULQOOPmqWW1K2j+OYZePtHhC3+D1i6R
5XOb+NeWgSfexKVqG+iq+Cp7XKG9+CsLwuVKPMhcDTbRlYbYO4+q2lMtLseM6VJ7
3q+bDmoeRxXhu2uQ/bYfh78q5GFHD+113BNNxdhz/qSPBIQvys010dJIgxXvHTJM
XWGnzs0Dp3Z4DnPc8QdQqrq3SGTbtRBfWhyYkj4detDy5Ty+tAXI+yZ3z0iqMtrA
H/S43zV8+Xh+/FnvwOWsSzlz/8EOgZR8FL5hAW8n
-----END CERTIFICATE-----
---
Server certificate
subject=C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
issuer=C = CH, L = Schaffhausen, O = Plesk, CN = Plesk, emailAddress = info@plesk.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1454 bytes and written 391 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
DONE
So there are at least 2 domain names, tac.email and competent-gauss.198-71-63-158.plesk.page, presently mapping to the IPv4 Address of 198.71.63.158; that is not a problem. But make sure the server is correctly setup to get certificates for the correct domain name.