Facebook
Twitter
Any progress on this issue?
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion -
Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
- Thread starter Hangover2
- Start date
Hangover2
Regular Pleskian
We see the problem now for the first time also for a domain, that has no subdomains but one extra domain in the subscription, that is forwarded to it. The wildcard certificate is not renewed and ends up in a freezing state as described in the bug report ("continue" and "cancel" buttons).
@Hangover2 Do you have a support ticket on this as recommended in this thread before?
Hangover2
Regular Pleskian
@Peter Debik At the moment we only have reseller licenses. So we cannot open support tickets as mentioned before. And our reseller does also not accept support requests. Maybe we will switch one affected server to a license directly from Plesk so we can open support tickets directly. But as the problem exists on all of our servers Plesk should be easily able to trace the issue.
Just in case you aren't aware, you don't need a full server license bought from Plesk to actually get support from Plesk. On a reseller license a support subscription (priced at 10 €) suffices. Which, depending on what your reseller charges for your Plesk license, can be a cheaper option than a full license bought from Plesk. (Also, spending 10 € to get an issue, one that you have to deal with on a daily basis, resolved faster would be a no-brainer for me.)
Hangover2
Regular Pleskian
As there seems to be no progress at all by Plesk for the bugs EXTSSLIT-1879 and PPS-15436 we decided to implement our own work-around.
To share wildcard certificates among subdomains is buggy with heavy impact on our client's satisfaction.
To avoid this shameful bug of a so called "server management platform built with you in mind." the only way is to take the renewal process in your own hands. Just scan your sites and certificates with an appropriate script and renew the wildcard certificates 5 days before Plesk would do it on its own.
Not only our clients are speechless, when we have to tell them: "Sorry, but our server management platform is not able to renew your website certificates appropriately. The bug is know since 6 months, but Plesk has no technicians or time or mood to take care this issue."
To share wildcard certificates among subdomains is buggy with heavy impact on our client's satisfaction.
To avoid this shameful bug of a so called "server management platform built with you in mind." the only way is to take the renewal process in your own hands. Just scan your sites and certificates with an appropriate script and renew the wildcard certificates 5 days before Plesk would do it on its own.
Not only our clients are speechless, when we have to tell them: "Sorry, but our server management platform is not able to renew your website certificates appropriately. The bug is know since 6 months, but Plesk has no technicians or time or mood to take care this issue."
marcoherzog
New Pleskian
My hosting provider contacted Plesk Support and reported the following:
Thanks to HE.
Thanks to HE.
Hangover2
Regular Pleskian
As described previously in this bug report, we also encounter the problem, that sometimes the "SSL/TLS certificate for mail" is removed from the domain leading to warnings in the mail clients of our customers. This happens very seldom, but it occurs. The affected wildcard certificates are still in use for webmail but not for the mail server anymore.
As we do not know, what "shortly" means for this bug report, we did implement an own check routine for exactly that problem. Anyone facing the same issue can use the following SQL statement, to determine possible domains, that maybe suffer from this bug:
As we do not know, what "shortly" means for this bug report, we did implement an own check routine for exactly that problem. Anyone facing the same issue can use the following SQL statement, to determine possible domains, that maybe suffer from this bug:
SQL:
SELECT
`certificates`.`id` AS `certificate_id`,
`certificates`.`name` AS `certificate_name`,
`dom_param`.`dom_id` AS `domain_id`,
`dom_param`.`val` AS `webmail_certificate_id`,
`Parameters`.`value` AS `mail_certificate_id`
FROM
`certificates`
STRAIGHT_JOIN `dom_param` ON
`dom_param`.`param` = "webmail_certificate_id" AND
`dom_param`.`val` = `certificates`.`id`
LEFT JOIN `Parameters` ON
`Parameters`.`parameter` = "mail_certificate_id" AND
`Parameters`.`value` = `certificates`.`id`
WHERE
`Parameters`.`value` IS NULLN8 Solutions
New Pleskian
I just opened a ticket with Plesk Support because I am experiencing this as well on all my servers. I use Let's Encrypt Wildcard certificates for all of my domains too.
We have taken the EXTSSLIT-1879 bug into work; unfortunately, we can't reproduce the issue with 100% confidence.
In our test environment, we can reproduce the blank confirmation issue very-very-very rarely. At the same time, all the necessary text appears on the confirmation screen after a second just after the page reloads. Also, we do not observe actual results with different certificates on the domain and subdomain. Likely, we have found another issue, but all these mean we still have an issue with reproducing the bug on our side.
Anyway, we would like to find and fix the root cause that happens more often (based on the number of reports in this thread, Facebook, via Plesk Support); or to confirm that there is only one bug and it was already found.
So we are looking for people who are experiencing this issue on their servers right now (the black confirmation banner is shown, not disappearing automatically in a minute; where different certificates are created instead of one wildcard certificate), to invite them to contact Plesk Support. Even if you do not have direct support from Plesk, let me know and I will create a ticket behalf you (I just need to know your email address, you can send it to me directly through the forum). The ticket will be passed to an engineer/developer on duty to investigate the root cause on your server (where the SSL It! has failed to reissue a certificate correctly).
If you can demonstrate/reproduce the issue on your server quickly, without the necessary wait for 60 days, let me also know, and I will help you contact Plesk Support as well.
In our test environment, we can reproduce the blank confirmation issue very-very-very rarely. At the same time, all the necessary text appears on the confirmation screen after a second just after the page reloads. Also, we do not observe actual results with different certificates on the domain and subdomain. Likely, we have found another issue, but all these mean we still have an issue with reproducing the bug on our side.
Anyway, we would like to find and fix the root cause that happens more often (based on the number of reports in this thread, Facebook, via Plesk Support); or to confirm that there is only one bug and it was already found.
So we are looking for people who are experiencing this issue on their servers right now (the black confirmation banner is shown, not disappearing automatically in a minute; where different certificates are created instead of one wildcard certificate), to invite them to contact Plesk Support. Even if you do not have direct support from Plesk, let me know and I will create a ticket behalf you (I just need to know your email address, you can send it to me directly through the forum). The ticket will be passed to an engineer/developer on duty to investigate the root cause on your server (where the SSL It! has failed to reissue a certificate correctly).
If you can demonstrate/reproduce the issue on your server quickly, without the necessary wait for 60 days, let me also know, and I will help you contact Plesk Support as well.
porplemontage
New Pleskian
I encounter this issue when the top-level domain uses a wildcard certificate, and that certificate is also applied to a forwarding subdomain.
Similar threads
