Articles in this section

Let's Encrypt notifications are still sent after a domain was deleted in Plesk

Leo Mastropierro
Updated
kb: bug Plesk for Linux ext: le ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

  • A domain secured with Let's Encrypt was removed from the server.

  • Let's Encrypt notifications about the domain are still sent to the customer's email that was used to issue the certificate.

  • Either the directory /usr/local/psa/var/modules/sslit/etc/live/example.com/ exists on the server and/or the certificate has entries present in the database:

    # plesk db "SELECT id, cert_file, ca_file FROM certificates WHERE name LIKE '%example.com%'"
    +----+------------------------+------------------------+
    | id | cert_file | ca_file |
    +----+------------------------+------------------------+
    | 7 | scfnajlpe0d9vj56hg58X3 | scf4chmefdk7jtb0vZ3Db3 |
    | 11 | scfhde2v76tuj017y4H75G | scflmv9cforkqav71SfoL1 |
    +----+------------------------+------------------------+

Cause

This was identified as a bug with ID EXTLETSENC-643 that produces leftover files for certificates after domain removal.

Resolution

Will be fixed in future Plesk update. Until the bug is fixed remove the certificate leftovers from the server:

  1. Connect to the server via SSH

  2. Move or delete the /usr/local/psa/var/modules/sslit/etc/live/example.com/ directory:

    # mv /usr/local/psa/var/modules/sslit/etc/live/example.com/ ~/

  3. Move or delete any files that mention the domain in the ./orders folder

    # for i in $(grep -irl "example.com" /usr/local/psa/var/modules/letsencrypt/orders/); do mv $i ~/; done

  4. If any records exist in the database, remove them as well:

    # plesk db "DELETE FROM certificates WHERE name='Lets Encrypt example.com'"

Note: Notifications are sent with a one-day delay, so a notification may still be sent after applying the solution.

Was this article helpful?

Comments

4 comments
Date Votes
  • Avatar
    Qhiliqq

    Still getting the same mails every day.

    Maybe it's a problem between letsencrypt extension and sslit extension?
    Cause sslit/orders doesn't exists, it's letsencrypt/orders.

    Maybe re-check this combination.

    1
  • Avatar
    Pablo Alvarez

    Qhiliqq The article has been updated. Thank you.

    0
  • Avatar
    Maarten Machiels

    Please note that the notifications with the subject line "Could not issue/renew Let`s Encrypt certificates for Client Name" do not contain an unsubscribe link like is suggested in this article. Is there a timeline on a structural fix?

    1
  • Avatar
    Pablo Alvarez

    Maarten Machiels Thank you. The article has been updated. There is no ETA at the time.

    0

Please sign in to leave a comment.