Articles in this section

Let's Encrypt SSL renewal notifications are received at the Plesk admin email despite the domain not having an SSL installed

Daniel Yordanov
Updated
Plesk for Linux kb: technical ext: sslit ssl

Applicable to:

  • Plesk for Linux

Symptoms

  • The SSL/TLS Support option is disabled for the domain in Plesk > Domains > example.com > Dashboard > Hosting & DNS > Hosting

  • The following notification is sent via email to the user:

    CONFIG_TEXT: Could not secure domains of John Doe (login example123) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually. Securing of the following domains has failed:
    **"example.com'**
    Invalid response from https://acme- v02.api.letsencrypt.org/acme/authz/2171585005/467418186755
    Details: Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: 2a0d:5940:3:1::2: Invalid response from http://example.com.well-known/acme-challenge/_YVLS4B7- tQuiOVDcQ1PNWGZIGnHyMzOiRTEHSWTy0I: 404

    The following domains have been secured without some of their Subject
    Alternative Names: ‹none>
    Could not renew Let's Encrypt certificates for John Doe (login example123).

  • Errors such as the following are logged in the /var/log/plesk/panel.log:

    CONFIG_TEXT: [2025-07-06 23:53:08.566] 1396431:686af03d59a78 ERR [extension/letsencrypt] Domain validation failed for webmail.example.com: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2274999696/548433475591
    Detail: 203.0.113.2: Invalid response from http://webmail.georgelefkada.gr/.well-known/acme-challenge/HE54vvK7eSFadEGJbacBiqktyL1VB21i2xfpQ9M1y3A: 404
    [2025-07-06 23:53:08.579] 1396431:686af03d59a78 ERR [extension/sslit] Unable to secure domain example.com automatically No domains have passed validation

Cause

This happens, because the Keep websites secured with free SSL/TLS certificates option is enabled in the Additional Services tab of the Subscription settings:

The Keep websites secured with free SSL/TLS certificates option forces the replacement of expired or self-signed SSL/TLS certificates with free valid certificates from Let's Encrypt automatically by design. It covers each domain, subdomain, domain alias, and webmail belonging to the subscription.

Resolution

  1. Log into Plesk
  2. Go to Subscriptions > example.com > Customize (in the right sidebar) > Additional Services tab
  3. Change the SSL It! setting from "Keep secured with SSL/TLS Certificates" to "none"
  4. Press Apply
Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.