Applicable to:
- Plesk for Linux
Symptoms
-
Let's Encrypt auto-renew task is not working for Plesk or a domain.
-
Plesk log
/var/log/plesk/panel.logcontains following entries with debug being enabled:CONFIG_TEXT: INFO [extension/letsencrypt] Check if Panel or Mail Server is secured by Let's Encrypt certificate...
INFO [extension/letsencrypt] Panel or Mail Server is not secured by Let's Encrypt certificate.
Cause
Let's Encrypt extension bug #EXTLETSENC-483 (Cannot auto-renew certificates in Plesk if they were renamed previously) which is planned to be fixed in future product updates.
Let's Encrypt auto-renew feature relies on certificate names and does not recognize certificate names other than Lets Encrypt example.com.
Resolution
Until a fix became available, as workaround, renew the certificate manually:
for securing Plesk:
- Log into Plesk.
- Renew the certificate manually in Tools & Settings > SSL/TLS Certificates > + Let's Encrypt:
for securing a particular domain:
- Log into Plesk.
- Renew this certificate manually from Domains > example.com > SSL/TLS Certificates > Get it free.
Comments
14 comments
Any clue on when this will be fixed? As for the past i've told all my customers to ignore the emails from let's encrypt because it's just a reminder that the certificate will be renewed, I'm getting a lot of annoyed emails about SSL errors every day.
@Mark Wijsman,
There is no ETA at the moment.
I do recommend applying the workaround until the bug is fixed.
Hello, any news ?
Hello @Betafer
The fix is planned to be implemented in the next major release of extension, however there is no exact ETA for it currently.
Any update?
your workaround doesn't work if you have a lot of domains!
The email has no information about what domain is expired/having problems...
At least, you could add what domain is not renovating
version 2.9.0 seems to have corrected this bug ?
[-] Auto-renew of SSL/TLS certificates no longer fails after a secured domain or subdomain was renamed. (EXTLETSENC-768)
Hi Ariel Lipschutz,
It is still planned for the next major release of the extension, but no ETA yet :(
Hi Pierre Lauret,
No, it's not yet fixed as the bug you're pointing out is another one.
Any update on this issue? It is really annoying.
Hello Kevin Mamaqi
The recent reply of my colleague is still actual: the exact ETA is to be available later.
As soon as there'll be any news, the article will be updated.
I am now getting this notice on some sites every 48 hours on v.2.9.0-611. I can't run a business this way.
At this point I need to know how to downgrade both Plesk and Let's Encrypt to something that works.
Hello David / Curtis
The issue from this article happens with renamed certificates only.
Most probably you have another root cause and investigation of your issue is required. Plesk downgrade is an impossible operation.
Could you submit a request to Plesk support for additional investigation?
The strange thing is that
I hope these bugs will be fixed in order to get an automatic renewal
This is an absolutely disastrous bug. Why isn't it top priority?
Hello Matt Kennedy
This ticket has quite high priority internally and it will be fixed. Stay tuned for Plesk change logs updates.
Please sign in to leave a comment.