I’d like to get a certificate for a domain (domain.com). However my hosting provider doesn’t not provide an out-of-the-box functionality to get certificates from Let’s Encrypt. PHP sites are supported.
In order to obtain a certificate and ensure proper renewal, which option is suggested (using a website, an application or a PHP site)?
In addition, I have a subdomain (subdomain.domain.com) and I use domain forward (domain.gr >> domain.com). Should I specify any subdomain as alternative name? Should I also specifify the domain forward
as alternative name? Should a wildcard (*.domain.com) certificate be used?
Regarding alternatives/SANs, should I choose that approach or a wildcard certificate?
What do you mean by setup/upgrade approach?
On the client options, I see tools, websites and PHP sites as options for initial setup and renewal, but I don’t know the suggested one
I also have a NAS (storage) device that supports Let’s Encrypt, so I do have that option also.
My hosting provider is Papaki.com, who uses Plesk (without direct support for Let’s Encrypt) and hosts my domains’ DNS entries.
SANs and wildcard are not mutually exclusive - one of the SANs can be a wildcard. It’s up to you which you want to use. Generally, it’s better to avoid wildcards and just to use normal domain SANs, especially if you only have a few names.
The problem with shared hosting like Plesk, is that unless the Plesk Let’s Encrypt plugin is setup, you are more or less stuck manually issuing and installing the certificate every 60-90 days. It’s much better when you are using web hosting with native support for Let’s Encrypt.
You can use something like ZeroSSL or gethttpsforfree to manually issue a certificate that you can manually install to Plesk. I am not aware of any ACME client that supports integrating with Plesk externally, unfortunately.
The critical parts that are missing from all of those clients:
Automatically performing HTTP/DNS challenges against your Plesk service (uploading challenge files to your webroot, setting challenge DNS records)
Calling the Plesk API to install the certificate
Yes, there are many ACME clients that you could use, however the crucial part is the above. I don’t know of anything other than the official Plesk Let’s Encrypt plugin that integrates with Plesk like that.
If you have some programming/scripting chops then you could extend those clients to do that, but I doubt any of them can do it out of the box.
When using a website (gethttpsforfree.com, zerossl.com, sslforfree.com or easy.zhetao.com) for LE certificate issuing, what will be the renewal process?
If there isn’t any and if custom/PHP pages are not an easy alternative, the best option seems to be issuing a certificate from my NAS device.
