Symptoms
- Let's Encrypt SSL renewal notifications are arriving for example.com, even though the SSL Support for the domain has been disabled.
- There are no Let's Encrypt SSL certificates for example.com in Plesk UI.
- Renewal attempts for webmail.example.com can be found in
/var/log/plesk/panel.log:
Detail: 203.0.113.2: Invalid response from http://webmail.example.com/.well-known/acme-challenge/b_IfubfmbTz_ea_eT4GAIaG3AyoFVy4i9v0hN80dRRc: 404
[2024-05-27 04:30:07.519] 32365:6653f02984da3 ERR [extension/letsencrypt] Domain validation failed for webmail.example.com: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/355939028122.
Cause
There are leftover entries of the Let's Encrypt SSL order for example.com in the SSL It! extension's database.
Resolution
1. Access the server over SSH.
2. Access the Plesk database with this command:
# plesk db
3. Obtain the certificate repository ID of the domain with the following query:
MYSQL_LIN: select cert_rep_id from domains where name='example.com';
4. Obtain the certificate ID by executing the following query:
MYSQL_LIN: select d.name as dom, c.name as cert, c.id as cert_id, r.rep_id from certificates c, domains d, Repository r where d.cert_rep_id = r.rep_id and r.component_id=c.id and r.rep_id=x;
Note: Replace the value of 'x' for r.rep_id with the actual repository ID found in the previous step.
5. Backup the SSL It! extension's database with this command:
# cp -a /usr/local/psa/var/modules/sslit/sslit.sqlite3 /usr/local/psa/var/modules/sslit/sslit.sqlite3-bkp
6. Access the SSL It! extension database:
# sqlite3 /usr/local/psa/var/modules/sslit/sslit.sqlite3
7. Check for SSL orders associated with the certificate ID obtained in step 4:
MYSQL_LIN: select * from Orders where certificateId=y;
NOTE: Replace 'y' with the actual certificateId found in step 4.
8. If any entries are found, delete them with the following query:
MYSQL_LIN: DELETE FROM Orders WHERE certificateId=y;
Comments
Please sign in to leave a comment.