Applicable to:
- Plesk for Linux
Symptoms
-
Let's Encrypt auto-renew task is not working for Plesk or a domain.
-
Plesk log
/var/log/plesk/panel.logcontains following entries with debug being enabled:CONFIG_TEXT: INFO [extension/letsencrypt] Check if Panel or Mail Server is secured by Let's Encrypt certificate...
INFO [extension/letsencrypt] Panel or Mail Server is not secured by Let's Encrypt certificate.
Cause
Let's Encrypt extension bug #EXTLETSENC-483 (Cannot auto-renew certificates in Plesk if they were renamed previously) which is planned to be fixed in future product updates.
Let's Encrypt auto-renew feature relies on certificate names and does not recognize certificate names other than Lets Encrypt example.com.
Resolution
Until a fix became available, as workaround, renew the certificate manually:
for securing Plesk:
- Log into Plesk.
- Renew the certificate manually in Tools & Settings > SSL/TLS Certificates > + Let's Encrypt:
for securing a particular domain:
- Log into Plesk.
- Renew this certificate manually from Domains > example.com > SSL/TLS Certificates > Get it free.
Comments
17 comments
Any clue on when this will be fixed? As for the past i've told all my customers to ignore the emails from let's encrypt because it's just a reminder that the certificate will be renewed, I'm getting a lot of annoyed emails about SSL errors every day.
@Mark Wijsman,
There is no ETA at the moment.
I do recommend applying the workaround until the bug is fixed.
Hello, any news ?
Hello @Betafer
The fix is planned to be implemented in the next major release of extension, however there is no exact ETA for it currently.
Any update?
your workaround doesn't work if you have a lot of domains!
The email has no information about what domain is expired/having problems...
At least, you could add what domain is not renovating
version 2.9.0 seems to have corrected this bug ?
[-] Auto-renew of SSL/TLS certificates no longer fails after a secured domain or subdomain was renamed. (EXTLETSENC-768)
Hi Ariel Lipschutz,
It is still planned for the next major release of the extension, but no ETA yet :(
Hi Pierre Lauret,
No, it's not yet fixed as the bug you're pointing out is another one.
Any update on this issue? It is really annoying.
Hello Kevin Mamaqi
The recent reply of my colleague is still actual: the exact ETA is to be available later.
As soon as there'll be any news, the article will be updated.
I am now getting this notice on some sites every 48 hours on v.2.9.0-611. I can't run a business this way.
At this point I need to know how to downgrade both Plesk and Let's Encrypt to something that works.
Hello David / Curtis
The issue from this article happens with renamed certificates only.
Most probably you have another root cause and investigation of your issue is required. Plesk downgrade is an impossible operation.
Could you submit a request to Plesk support for additional investigation?
The strange thing is that
I hope these bugs will be fixed in order to get an automatic renewal
This is an absolutely disastrous bug. Why isn't it top priority?
Hello Matt Kennedy
This ticket has quite high priority internally and it will be fixed. Stay tuned for Plesk change logs updates.
any news after so many month? :-|
Hi!
I have 3 servers on Plesk. 2 servers have this problem with all domains.
Please fix urgently.
This bug is such a pain point for us. We need our mail server to remain secured. Having to set reminders to go back in and manually renew the Mail certificate before it expires - and if not finding mail servers have gone down/mail rejected (and this is across multiple plesk servers).
Renewing manually is awful - there is no individual update button per item (Plesk or Mail) - there is no date saying when the certficate(s) expires/expired - the add button doesn't let you choose which (Plesk or The Mail Server) to add the new certificate to - it just adds it to Plesk - and if you don't rename it from the default, adding again doesn't add - it just overwrites the first cert with the different url - rather than creating a second. So you have to go through this horrendous process (all we can find that works) on the SSL/TLS Certificates page of setting both (plesk and mail) to default certificate, deleting the two you had, click add for the mail server with a url of mail.mydomain.com, then rename it to Mail SSL, then unassign it from Plesk, so that you can then assign it Mail, then click add again with a url of mydomain.com for the Plesk one.
Why on earth we are having to do this manually with Plesk installed. This bug seems to have been around for so long now and is making us seek alternatives to Plesk.
Please sign in to leave a comment.