SSL/TLS Certificate Signing Request via Let's Encrypt

[fallbork]

TL;DR: How should one follow through with additional CSRs created via Plesk when submitting them to CAs? Webroot seems to be unavailable due to nginx blocking access to /.well-known/acme-challenge.



Hey!
I apologize if this question has been asked before in the forums, but I could not find a proper answer to what I've been looking for after a day or two of messing around with things. I would like to know what would be the correct way to get a CSR emitted via Plesk to be signed from a CA like Let's Encrypt.

After looking through the wiki, I found out that we're using SSL It! to automatically generate SSL certificates for our websites, and that's great! But I'd like to issue a second certificate, separate from the one used by the website (for security reasons) for me to use on TLS authorization during connections in my applications. They currently run in my own computer (since I don't own a VPS yet), and it would be nice to be able to validate that I'm indeed connecting to the right server, which would be impossible with a self-signed certificate.

Thing is, with the old cPanel (after verifying in Ashoat's old GitHub heliohost-wiki repo - Link), it was possible to create a /.well-known/acme-challenge/<requested-file> path that was publicly accessible - and therefore, would pass the webroot challenge of ACME clients like certbot. After the move to Plesk, and I assume with the advent of other changes, nginx has been set to forbid access to the acme-challenge path and throw a 403, and I'm unaware if there is a way to properly allow access to files within that path.

I appreciate the time you guys put into reading this wall of text (I've put a little TL;DR up there if it ends up being a lot..), and I'm welcome to both suggestions and opinions as to what I should be doing, and most importantly: should NOT be doing 😄

- Fallbork

Edited 18 hours ago by fallbork
Grammar mistakes