Matomo Analytics

This is very easy, first, make sure your website is working with your server. Point the A records (for IPv4) and AAAA records (optionally, for IPv6) to your server for your domain, then you can go to your website in Ploi and select "SSL" on the left-hand side.

By default, Let's Encrypt is selected in the dropdown, you will be prompted for which domains you want to request, usually, this is pre-filled so you can just click "Save" to get the certificate from LetsEncrypt.

If this process fails, we will detect this and send you an e-mail about it containing the error, Ploi will also automatically open up a modal with the error. 95% of the cases that a certificate is failed to be requested is due to the fact that the DNS record is not been set up correctly on your server.

Ploi also sets up your server for automatic renewals, you will find this specific cronjob in the /etc/crontab file.

Using IPv6 with Let's Encrypt certificates

Let's Encrypt fully supports IPv6 for domain validation and accessing the ACME API. When validating domains with both IPv4 (A records) and IPv6 (AAAA records), Let's Encrypt will prefer using the IPv6 address first.

To ensure successful certificate issuance when using IPv6:

  1. Make sure your IPv6 configuration is correct and the server with the AAAA record can respond to the Let's Encrypt validation challenges.

  2. If your IPv6 address points to a different server than your IPv4 address, ensure both servers are properly configured to respond to Let's Encrypt's validation challenges.

  3. If you're experiencing validation issues with IPv6, verify that your webserver is correctly configured and accessible via IPv6.

Note: Unlike our previous requirement to remove AAAA records before requesting a certificate, Ploi now officially supports IPv6 for certificate issuance. This allows you to maintain both IPv4 and IPv6 addresses while still obtaining Let's Encrypt certificates.

Cloudflare users

You are not able to request an SSL certificate if you have the proxy on (orange cloud should be gray). You can disable this and then wait 15 minutes, after that request a new SSL certificate. Once that completes you can re-enable the proxy. After that, you can always leave the proxy on, even for renewals this is no problem.

Note: If you're using DNS provider to request a certificate, you can leave the proxy on (orange cloud).

Troubleshooting IPv6 certificate issues

If you experience validation issues with your certificate while using IPv6:

  1. Verify that your IPv6 address is correctly pointing to your server

  2. Ensure your firewall allows incoming connections over IPv6

  3. Check that your web server is properly configured to handle IPv6 requests

  4. Confirm that your domain's AAAA records match the actual IPv6 address used by your server

If problems persist, you can temporarily disable IPv6 by removing the AAAA records, request your certificate, and then re-add your IPv6 records once the certificate is issued.

Dennis Smink

Written by Dennis Smink

Dennis brings over 6 years of hands-on experience in server management, specializing in optimizing web services for scalability and security.

Twitter LinkedIn
Back to SSL

Related articles

How do I request a ZeroSSL certificate?

To start, you'll need a ZeroSSL account which you can create here (ZeroSSL is completely free,...

My Let's Encrypt certificate is not renewing automatically

Once you install a server with Ploi, Ploi will make sure to set up to automatically renew your certi...

Start free trial