• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Auto-renew of Let's Encrypt SSL fails - Windows Server - Plesk Obsidian

A

athsk

New Pleskian
Hi,

I am having issues with Let's Encrypt Extension in Plesk.

Currently I have many domains & subdomains on my server that are secured with Let's Encrypt SSL.
In all of these the "Keep websites secured" switch is ON and the options "Include the 'www' subdomain", "Secure webmail", "Secure mail" are checked.
But when the SSL expires it doesn't auto-renew, so I have to manually reissue all of them.


Tried this troubleshooting guide and the results
1. DNS settings are ok
2.1 website is available
2.2.1 Require SSL/TLS check box is disabled
2.2.2
  • There are no custom rewrite rules,
  • Ι cannot disable Microsoft ASP and ASP.NET support cause my sites are using this technology,
  • I cannot find folder .wel-known\acme-challenge\ in file manager of the domain
3. None of the domains are migrated from legacy Plesk versions


My server config:
Windows Server 2019 Standard
Plesk Obsidian Version 18.0.31 Update #1, last updated on Nov 19, 2020 10:46 AM
SSL It! Version 1.9.4-1310
Websites run ASP.NET 4.7
 
hello @athsk ,

first of all I'd recommend you to at least update SSLIt and LetsEncrypt extensions to their latest versions (1.9.6-1321 and 2.13.6-736 accordingly)

the second: SSLIt uses common acme-challenge directory since the midle of 2019th.
you can check is it enabled on your server by executing command
plesk ext sslit --common-challenge-dir -info

plesk ext sslit --common-challenge-dir -enable/disable calls allows you to enable or disable common challenge diectory (this is global setting)

physically this directory can be found at %plesk_dir%var\acme-challenge\

to check that it works fine you can put some test file t o it (let's say %plesk_dir%var\acme-challenge\mytest.txt) and retrieve it by url's below:
  • http://<server-ip>/.well-known/acme-challenge/text.txt
  • http://<domain-with-problem>/.well-known/acme-challenge/text.txt

in case it can be downloaded by first URL it mean that it works in general.
in the last case (when you can't download mytest.txt) there is something wrong with IIS configuration of exactly this domain.
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
348
Leta
L
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
889
tessa67
T
M
Issue Lets Encrypt SSL issued but the website is not secured
Replies
9
Views
991
Kaspar@Plesk
Kaspar@Plesk
Bitpalast
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk
Replies
11
Views
1K
Change Maker
C
hansitheking
Resolved Let's Encrypt: Certs not auto-renewed if redirect to HTTPS is enabled for domain
Replies
7
Views
1K
mopanim
M
Back
Top