• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Could not issue/renew Let`s Encrypt certificates for admin

P

PeterKi

Regular Pleskian
Server operating system version
Ubuntu Linux 22.04.1 LTS
Plesk version and microupdate number
plesk obsidian 18.0.50u2 WebAdmin Edition
I frequently get messages from let's encrypt renewals like the one shown below.
When I check the expiration of my domain everything looks fine though.
My domain was already successfully renewed 9 days ago on March 6th and is shown to expire on June 4th.
There is nothing which shows an expiration in 21 days.
I also do not have a problem to access my domain with https and browsers show it as secured.

What makes plesk generating these messages?

Could not secure domains of admin (login admin) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually. Securing of the following domains has failed: <none> The following domains have been secured without some of their Subject Alternative Names: <none> Could not renew Let`s Encrypt certificates for admin (login admin). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Let`s Encrypt certificates has failed: ** 'Lets Encrypt mydomain.de' [days to expire: 21] ** [-] mydomain.de [-] webmail.mydomain.de [-] www.mydomain.de Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/210977840857. Details: Type: urn:ietf:params:acme:error:unauthorized Status: 403 Detail: xx.xxx.xxx.xxx: Invalid response from https://mydomain.de/.well-known/acme-challenge/sgyeD_3Zeg5kO5niibeItJP-dg6T5Py4M5UD7c6474I: 404 The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names: <none>
 
The reason is probably that in an older certificate an alternative name was included such as an alias that no longer exists on the server. Meanwhile a new cert has been issued, but the old one is still there.

Here is one approach how to find out more and eventally solve the issue:
1) Login to the console.
2) Escalate to root (su).
3) Start sqlite
sqlite3 /usr/local/psa/var/modules/sslit/sslit.sqlite3
4) Run
> select id,createdDate,state,params from Notification where params like 'mydomain.de' order by id desc limit 10;
From there I suggest to delete messages for mydomain.de from the notifications queue:
> delete from Notification where params like 'mydomain.de';
5) Exit sqlite
> .quit
6) Remove the existing certificate for mydomain.de by clicking the "Unassign certificate" on the SSL page.
7) On the console remove the SSL directory if it still exists after unassigning:
mv /usr/local/psa/var/modules/sslit/etc/live/mydomain.de/ ~/
8) Reissue/reinstall a certificate for mydomain.de
 
Thanks for the quick reply.
Alas, there is nothing neither in the Notification table nor in the PanelNotification table
When I wrote 'frequently' I didn't mean every day but every other week.

SELECT name FROM sqlite_schema WHERE type='table' ORDER BY name; Notification OrderAttribute Orders PanelNotification sqlite_sequence statisticsMeasurement version sqlite> select * from Notification ; sqlite> select * from PanelNotification ; sqlite>
 
Are you sure that the mail is being sent from the server you are currently on? Could it be sent from another server where the domain was previously hosted?
 
  • Like
Reactions: mow
Oops, you're right.
I hadn't thought of, that after my server migration email headers may look the same.
Looking at the mail source revealed that it was indeed from my old server, which is still in stand by without any domains.
Mea Culpa!
 
We have the same issue after our hosting was moved from Media Temple to GoDaddy. The messages we receive are consistent, but we are unable to determine how to secure the domains manually.

Could not secure domains of admin (login admin) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
 
@Wrwebapps What domains do you mean that you need to secure manually? Where is the error message that you have quoted shown? Could you please describe this in more detail? I suggest, too, to open a separate thread for it, because it does not seem to be the exact same issue that the owner of this thread explained.
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
324
Leta
L
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
677
Azurel
Azurel
D
Question Renewing Let's encrypt automatically
Replies
3
Views
491
Kaspar
K
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
1K
klowet
K
Bitpalast
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk
Replies
11
Views
1K
Change Maker
C
Back
Top