Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- Let's Encrypt SSL certificates are not renewed automatically
Cause
The Keep Secured option is not set in Plesk > Service Plans > SERVICE_PLAN_NAME > Additional Services tab > SSL It! dropdown (or is not enabled in Domains > example.com > SSL/TLS Certificates) for the domains that are not getting automatic SSL renewals
Let's Encrypt will try to renew all domains name which should be secured based on having the Keep Secured setting enabled or disabled. The domains that have the setting disabled may not have their Let's Encrypt SSL certificates renewed automatically.
Resolution
Click on a section to expand
2. Go to Service Plans > SERVICE_PLAN_NAME > Additional Services tab
3. Select Keep websites secured with free SSL/TLS Certificates from the SSL It! dropdown
4. Press Update & Sync
2. Go to Domains > example.com > SSL/TLS Certificates
3. Move the Keep websites secured slider to the right
Comments
2 comments
I've Keep websites secured enabled and domain settings shows that is valid and will be renewed automatically, but it's not renewed, I must do it manually every 3 months and enter the challenge key to the DNS.
This article is contradictory to the information we received in a Plesk support ticket which states that “Keep websites secured” option is not necessary for Let's Encrypt certificates to be renewed.
The UI and experience also indicates that LE certificates do get auto-renewed by Plesk / SSL It! extension with “Keep websites secured” off.
Furthermore, “Admin Simple” plan has this option off by default, and (on applicable Plesk Editions) cannot be edited (at the plan level).
In short, this article appears to be wrong, or else the conditions under which it is accurate need to be elaborated.
Please sign in to leave a comment.