
Issue Auto-renew of Let's Encrypt SSL fails - Windows Server - Plesk Obsidian

athsk

New Pleskian
Hi,

I am having issues with Let's Encrypt Extension in Plesk.

Currently I have many domains & subdomains on my server that are secured with Let's Encrypt SSL.
In all of these the "Keep websites secured" switch is ON and the options "Include the 'www' subdomain", "Secure webmail", "Secure mail" are checked.
But when the SSL expires it doesn't auto-renew, so I have to manually reissue all of them.


Tried this troubleshooting guide and the results
1. DNS settings are ok
2.1 website is available
2.2.1 Require SSL/TLS check box is disabled
2.2.2

  • There are no custom rewrite rules,
  • I cannot disable Microsoft ASP and ASP.NET support because my sites are using this technology,
  • I cannot find the folder .well-known\acme-challenge\ in the file manager of the domain
3. None of the domains are migrated from legacy Plesk versions


My server config:
Windows Server 2019 Standard
Plesk Obsidian Version 18.0.31 Update #1, last updated on Nov 19, 2020 10:46 AM
SSL It! Version 1.9.4-1310
Websites run ASP.NET 4.7
 
hello @athsk ,

first of all I'd recommend you to at least update SSLIt and LetsEncrypt extensions to their latest versions (1.9.6-1321 and 2.13.6-736 accordingly)

the second: SSLIt has used a common acme-challenge directory since the middle of 2019.
you can check whether it is enabled on your server by executing the command
plesk ext sslit --common-challenge-dir -info

plesk ext sslit --common-challenge-dir -enable/disable
calls allow you to enable or disable the common challenge directory (this is a global setting)

physically this directory can be found at %plesk_dir%var\acme-challenge\

to check that it works fine you can put some test file into it (let's say %plesk_dir%var\acme-challenge\mytest.txt) and retrieve it by the URLs below:
  • http://<server-ip>/.well-known/acme-challenge/text.txt
  • http://<domain-with-problem>/.well-known/acme-challenge/text.txt

in case it can be downloaded by the first URL it means that it works in general.
in the latter case (when you can't download mytest.txt) there is something wrong with the IIS configuration of exactly this domain.
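
The check described in the reply above, written out as a PowerShell script. This is an added example, not part of the original posts and not Plesk's own tooling. `$ServerIp` and `$Domains` are placeholders you supply, the probe file name is generated by the script, and it assumes the `plesk_dir` environment variable is set in the session.

```powershell
# Added example: writes a throwaway file into the common acme-challenge
# directory and fetches it by server IP and by each domain over plain HTTP.
param(
    [Parameter(Mandatory)] [string]   $ServerIp,  # placeholder: the server's public IP
    [Parameter(Mandatory)] [string[]] $Domains    # placeholder: domains that fail to renew
)

if (-not $env:plesk_dir) { throw 'plesk_dir is not set in this session' }
$challengeDir = Join-Path $env:plesk_dir 'var\acme-challenge'
if (-not (Test-Path $challengeDir)) { throw "Not found: $challengeDir" }

# Random name and body so a cached or stale response cannot pass the check.
$name  = 'probe-{0}.txt' -f [guid]::NewGuid().ToString('N')
$token = [guid]::NewGuid().ToString('N')
$file  = Join-Path $challengeDir $name
Set-Content -Path $file -Value $token -Encoding Ascii -NoNewline

function Test-ChallengeUrl([string]$HostName) {
    $url = "http://$HostName/.well-known/acme-challenge/$name"
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
        $body = if ($r.Content -is [byte[]]) { [Text.Encoding]::ASCII.GetString($r.Content) }
                else { [string]$r.Content }
        $ok = ($body.Trim() -eq $token)
        $detail = if ($ok) { "HTTP $($r.StatusCode), content matches" }
                  else { "HTTP $($r.StatusCode), unexpected content" }
    } catch {
        # Covers 403/404 from IIS, failed redirects to HTTPS, DNS and timeout errors.
        $ok = $false
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ Host = $HostName; Served = $ok; Detail = $detail }
}

try {
    $results = @($ServerIp) + $Domains | ForEach-Object { Test-ChallengeUrl $_ }
    $results | Format-Table -AutoSize | Out-String | Write-Host
    if (-not $results[0].Served) {
        Write-Host 'Server IP check failed: the common challenge directory is not served in general.'
    } else {
        $results | Select-Object -Skip 1 | Where-Object { -not $_.Served } | ForEach-Object {
            Write-Host "$($_.Host): check the IIS configuration of this domain."
        }
    }
} finally {
    Remove-Item -Path $file -ErrorAction SilentlyContinue  # always remove the probe file
}
```

Run it in an elevated PowerShell session on the Plesk server, passing the server IP and the affected domains as arguments.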
 