Let's Encrypt is unable to install a certificate: Install certificate failure: Unable to set certificate name

Created:

2017-02-15 12:23:55 UTC

Modified:

2017-08-08 13:13:06 UTC

5

Was this article helpful?


Have more questions?

Submit a request

Let's Encrypt is unable to install a certificate: Install certificate failure: Unable to set certificate name

Applicable to:

  • Plesk for Linux

Symptoms

The following message occurs when trying to assign Let's Encrypt certificate:

Let's Encrypt: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to 
/opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
Starting new HTTPS connection (1): 127.0.0.1
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /opt/psa/var/modules/letsencrypt/etc/keys/####_key-certbot.pem
Creating CSR: /opt/psa/var/modules/letsencrypt/etc/csr/####_csr-certbot.pem
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Install certificate failure: Unable to set certificate name :
IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at
/opt/psa/var/modules/letsencrypt/etc/live/example.com/fullchain.pem.
Your cert will expire on YYYY-MM-DD. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"

In /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log, the following can be found:

. . .
:DEBUG:letsencrypt_plesk.api_client:Plesk API-RPC request: <?xml version="1.0" ?><packet><certificate><install><name>Lets Encrypt example.com</name><site>example.com</site><content><csr/><pvt>

. . .
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgA
. . .
nh6/DNFu0Qg==
-----END CERTIFICATE-----
:DEBUG:letsencrypt_plesk.api_client:Plesk API-RPC response: <?xml version="1.0"
encoding="UTF-8"?>
<packet version="1.6.8.0">
<certificate>
<install>
<result>
<status>error</status>
<errcode>8006</errcode>
<errtext>Unable to set certificate name : </errtext>
</result>
</install>
</certificate>
</packet>
PluginError: Install certificate failure: Unable to set certificate name :

Cause

Certificate name from letsencrypt_plesk.api_client:Plesk API-RPC request: <?xml version="1.0" ?><packet><certificate><install><name>Lets Encrypt example.com</name><site>example.com</site><content><csr/><pvt> belongs to another domain name.

Resolution

1. Determine the proper domain name:

MariaDB [psa]> select c.id, c.name, r.rep_id, d.name from certificates c left join Repository r on (c.id = r.component_id) left join domains d on (r.rep_id = d.cert_rep_id) where c.name = "Lets Encrypt example.com";

+-----+-----------------------------+--------+-------------------+
| id | name | rep_id | name |
+-----+-----------------------------+--------+-------------------+
| 104 | Lets Encrypt example.com | 56 | anotherdomain.com |
+-----+-----------------------------+--------+-------------------+
1 row in set (0.00 sec)

2. Rename the certificate:

MariaDB [psa]> update certificates set  name="another name Lets Encrypt example.com" where id=104;

Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

3. Try to assign the certificate again.

Have more questions? Submit a request
Please sign in to leave a comment.