My host provisions my server with Plesk Onyx, which appears capable of using the default domain cert to protect a mail subdomain as a standard function. I added your certificates to several domains and enabled this function, but the webmail pages are not protected. Will your certificate protect a webmail subdomain? Maybe I missed a step in ordering the certificate, or have you had other questions about the Plesk software? Thanks.
Hi @ericinLA, do you mean to say that you got certificates for something like example.com and you would like to protect webmail.example.com as well?
For a certificate to be accepted for a domain, it needs to explicitly cover that specific domain within the certificate. So you would need to explicitly request a certificate for webmail.example.com in order to protect it (which can be requested in the same certificate with example.com, if you like, but it must be explicitly asked for in order to be included). That would also mean that you need to prove to the CA that you control that subdomain, which could potentially be done in the same way that you proved control of the other names, as long as the webmail server is running on the same machine that answers web requests for the other sites.
(Otherwise, you could use something like the DNS challenge, where you create CA-requested DNS records to prove that you control the domain name, but this might be much more technically complex.)
Where I wrote webmail.example.com, read mail.example.com. 
Do you know anything about your plugin? In the Plesk interface, there is no provision for assigning anything other than the primary domain. So you cannot set, for example, mail.domain.com through the GUI. Otherwise, we’d need to manually update the various subdomains every three months.
FWIW, the Plesk plugin is a third-party plugin developed by Plesk, not the certbot team.
It looks like their plugin has some limitations right now (see for example Issue #28 and Issue #64). There’s probably no way for you to do this with their plugin until they implement these features. There are other ways you could go about obtaining certificates for those other domains and configuring your server to use them, but they’ll be a bit more involved. This thread on the Plesk Forum seems to have a possible solution. (Fair warning: I don’t use Plesk, so I’m not sure how good this solution is.)
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.