diff --git a/docs/security-tuning.md b/docs/security-tuning.md
index f3f3ba6c7..614e82304 100644
--- a/docs/security-tuning.md
+++ b/docs/security-tuning.md
@@ -166,7 +166,7 @@ Here is the list of related settings :
 | `LETS_ENCRYPT_DNS_PROVIDER` | | The DNS provider to use for DNS challenges. |
 | `LETS_ENCRYPT_DNS_PROPAGATION` | `default` | The time to wait for DNS propagation in seconds for DNS challenges. |
 | `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` | | Configuration item that will be added to the credentials.ini file for the DNS provider (e.g. 'cloudflare_api_token 123456') for DNS challenges. |
-| `USE_LETS_ENCRYPT_WILDCARD` | `no` | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. |
+| `USE_LETS_ENCRYPT_WILDCARD` | `no` | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. (Only available with DNS challenges) |
 | `USE_LETS_ENCRYPT_STAGING` | `no` | Use the staging environment for Let’s Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment. |
 | `LETS_ENCRYPT_CLEAR_OLD_CERTS` | `no` | Clear old certificates when renewing. |
@@ -175,6 +175,9 @@ Here is the list of related settings :
 - If no `LETS_ENCRYPT_DNS_PROPAGATION` setting is set, the provider's default propagation time will be used.
+!!! warning "Wildcard certificates"
+ Wildcard certificates are only available with DNS challenges. If you want to use them, you will need to set the `USE_LETS_ENCRYPT_WILDCARD` setting to `yes`.
+
 **Available DNS Providers**
 | Provider | Description | Mandatory Settings | Link(s) |
diff --git a/docs/settings.md b/docs/settings.md
index e95411ae4..a12793c5e 100644
--- a/docs/settings.md
+++ b/docs/settings.md
@@ -368,7 +368,7 @@ Automatic creation, renewal and configuration of Let's Encrypt certificates.
 | `LETS_ENCRYPT_DNS_PROVIDER` | | multisite | no | The DNS provider to use for DNS challenges. |
 | `LETS_ENCRYPT_DNS_PROPAGATION` | `default` | multisite | no | The time to wait for DNS propagation in seconds for DNS challenges. |
 | `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` | | multisite | yes | Configuration item that will be added to the credentials.ini file for the DNS provider (e.g. 'cloudflare_api_token 123456') for DNS challenges. |
-| `USE_LETS_ENCRYPT_WILDCARD` | `no` | multisite | no | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. |
+| `USE_LETS_ENCRYPT_WILDCARD` | `no` | multisite | no | Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. (Only available with DNS challenges) |
 | `USE_LETS_ENCRYPT_STAGING` | `no` | multisite | no | Use the staging environment for Let’s Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment. |
 | `LETS_ENCRYPT_CLEAR_OLD_CERTS` | `no` | global | no | Clear old certificates when renewing. |
diff --git a/src/common/core/letsencrypt/plugin.json b/src/common/core/letsencrypt/plugin.json
index d73f3efce..7466c6318 100644
--- a/src/common/core/letsencrypt/plugin.json
+++ b/src/common/core/letsencrypt/plugin.json
@@ -81,7 +81,7 @@
 "USE_LETS_ENCRYPT_WILDCARD": {
 "context": "multisite",
 "default": "no",
- "help": "Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains.",
+ "help": "Create wildcard certificates for all domains. This allows a single certificate to secure multiple subdomains. (Only available with DNS challenges)",
 "id": "use-lets-encrypt-wildcard",
 "label": "Wildcard Certificates",
 "regex": "^(yes|no)$",
diff --git a/src/ui/app/static/js/pages/setup.js b/src/ui/app/static/js/pages/setup.js
index 31ed4d9ed..a17e14f99 100644
--- a/src/ui/app/static/js/pages/setup.js
+++ b/src/ui/app/static/js/pages/setup.js
@@ -719,6 +719,92 @@ $(document).ready(() => {
 // }
 // });
+ $("#LETS_ENCRYPT_CHALLENGE").on("change", function () {
+ const challenge = $(this).find(":selected").val();
+ const $wildcardCheckbox = $("#USE_LETS_ENCRYPT_WILDCARD");
+ const $dnsProvider = $("#LETS_ENCRYPT_DNS_PROVIDER");
+ const $dnsPropagation = $("#LETS_ENCRYPT_DNS_PROPAGATION");
+ const $dnsCredentialItems = $("#LETS_ENCRYPT_DNS_CREDENTIAL_ITEMS");
+
+ if (challenge === "http") {
+ $wildcardCheckbox.prop("checked", false).prop("disabled", true);
+ $wildcardCheckbox
+ .closest(".col-4")
+ .attr("data-bs-toggle", "tooltip")
+ .attr("data-bs-placement", "top")
+ .attr(
+ "data-bs-original-title",
+ "Wildcard certificates are only supported with DNS challenges.",
+ )
+ .tooltip();
+
+ $dnsProvider.prop("disabled", true);
+ $dnsProvider
+ .parent()
+ .attr("data-bs-toggle", "tooltip")
+ .attr("data-bs-placement", "top")
+ .attr(
+ "data-bs-original-title",
+ "DNS provider is only supported with DNS challenges.",
+ )
+ .tooltip();
+
+ $dnsPropagation.prop("disabled", true);
+ $dnsPropagation
+ .parent()
+ .attr("data-bs-toggle", "tooltip")
+ .attr("data-bs-placement", "top")
+ .attr(
+ "data-bs-original-title",
+ "DNS propagation is only supported with DNS challenges.",
+ )
+ .tooltip();
+
+ $dnsCredentialItems.prop("disabled", true);
+ $dnsCredentialItems
+ .parent()
+ .attr("data-bs-toggle", "tooltip")
+ .attr("data-bs-placement", "top")
+ .attr(
+ "data-bs-original-title",
+ "Credentials are only supported with DNS challenges",
+ )
+ .tooltip();
+ } else {
+ $wildcardCheckbox.prop("disabled", false);
+ $wildcardCheckbox
+ .closest(".col-4")
+ .attr("data-bs-toggle", null)
+ .attr("data-bs-placement", null)
+ .attr("data-bs-original-title", null)
+ .tooltip("dispose");
+
+ $dnsProvider.prop("disabled", false);
+ $dnsProvider
+ .parent()
+ .attr("data-bs-toggle", null)
+ .attr("data-bs-placement", null)
+ .attr("data-bs-original-title", null)
+ .tooltip("dispose");
+
+ $dnsPropagation.prop("disabled", false);
+ $dnsPropagation
+ .parent()
+ .attr("data-bs-toggle", null)
+ .attr("data-bs-placement", null)
+ .attr("data-bs-original-title", null)
+ .tooltip("dispose");
+
+ $dnsCredentialItems.prop("disabled", false);
+ $dnsCredentialItems
+ .parent()
+ .attr("data-bs-toggle", null)
+ .attr("data-bs-placement", null)
+ .attr("data-bs-original-title", null)
+ .tooltip("dispose");
+ }
+ });
+
 // Before Unload Event to Warn Users About Unsaved Changes
 $window.on("beforeunload", function (e) {
 const message =
diff --git a/src/ui/app/templates/setup.html b/src/ui/app/templates/setup.html
index de8625308..863f37d89 100644
--- a/src/ui/app/templates/setup.html
+++ b/src/ui/app/templates/setup.html
@@ -459,7 +459,7 @@ {% if lets_encrypt_staging == "yes" %}checked{% endif %} /> -
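Review bot: The `challenge === "http"` branch of the new `#LETS_ENCRYPT_CHALLENGE` handler unchecks and disables `#USE_LETS_ENCRYPT_WILDCARD` only in the browser, so a request posted outside this form can still pair `USE_LETS_ENCRYPT_WILDCARD=yes` with the HTTP challenge. Nothing in this diff shows the server rejecting that combination (the `plugin.json` change touches only the help text), so it is worth confirming the check exists server-side and marking the handler with `// UI hint only: the backend must still refuse wildcard certificates with the http challenge`. The handler is also bound to `change` only, so if the select starts on `http` the wildcard and DNS fields presumably stay enabled until the user touches it; adding `$("#LETS_ENCRYPT_CHALLENGE").trigger("change");` right after the registration would apply the rule on load. The enclosing `$(document).ready` callback starts and ends outside the hunk, so an existing trigger elsewhere cannot be ruled out from here.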
+
@@ -563,7 +564,7 @@
-
+
-
+
-
+
Custom certificate