SSL certificate for Plesk domain was not renewed automatically: domain example.com has pending order to issue wildcard certificate, do not keep it secured.

Symptoms

• The Let's Encrypt SSL certificates of domains hosted on the server did not renew automatically

• With Plesk debug mode enabled, the following error can be found in the Plesk debug log  /var/log/plesk/panel.log upon running the /opt/psa/admin/plib/modules/sslit/scripts/keep-secured.php cron job:

  CONFIG_TEXT: DEBUG [extension/sslit] Domain example.com has pending order to issue wildcard certificate, do not keep it secured.

• When you go to Plesk > Domains > example.com > SSL/TLS Certificate, there is an empty window with no message and only a Continue and Cancel buttons button:
  
• The same issue is present for more than one domain on the server

Cause

The /opt/psa/admin/plib/modules/sslit/scripts/keep-secured.php cron job for the SSL Wildcard update got stuck at some point in time and created many pending orders that now need to be pushed manually.

Resolution

1. Log into Plesk
2. Enable the Plesk debug log
3. Prepare a list of affected domains by running the /opt/psa/admin/plib/modules/sslit/scripts/keep-secured.php cron job via Tools & Settings > Scheduled tasks 

4. Save all skipped domains into a separate file by executing the following command:

   # cat /var/log/plesk/panel.log | grep "has pending order"| awk '{print $7}'|uniq > domains.list

5. Run the following command to push each domain in the list to complete the certificate renewal process:

   # for i in $(cat domains.list); do plesk ext sslit --certificate -issue -domain $i -continue && plesk ext sslit --certificate -issue -domain $i -continue ; done