
Resolved Could not issue/renew Let`s Encrypt certificates for admin

PeterKi

Regular Pleskian
Server operating system version
Ubuntu Linux 22.04.1 LTS
Plesk version and microupdate number
plesk obsidian 18.0.50u2 WebAdmin Edition
I frequently get messages from Let's Encrypt renewals like the one shown below.
When I check the expiration of my domain, everything looks fine though.
My domain was already successfully renewed 9 days ago on March 6th and is shown to expire on June 4th.
There is nothing which shows an expiration in 21 days.
I also do not have a problem accessing my domain with https, and browsers show it as secured.

What makes Plesk generate these messages?

Could not secure domains of admin (login admin) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.

Securing of the following domains has failed:
<none>

The following domains have been secured without some of their Subject Alternative Names:
<none>

Could not renew Let`s Encrypt certificates for admin (login admin). Please log in to Plesk and renew the certificates listed below manually.

Renewal of the following Let`s Encrypt certificates has failed:
** 'Lets Encrypt mydomain.de' [days to expire: 21] **
[-] mydomain.de
[-] webmail.mydomain.de
[-] www.mydomain.de
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/210977840857.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: xx.xxx.xxx.xxx: Invalid response from https://mydomain.de/.well-known/acme-challenge/sgyeD_3Zeg5kO5niibeItJP-dg6T5Py4M5UD7c6474I: 404

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:
<none>
 
The reason is probably that in an older certificate an alternative name was included such as an alias that no longer exists on the server. Meanwhile a new cert has been issued, but the old one is still there.

Here is one approach to find out more and eventually solve the issue:
1) Log in to the console.
2) Escalate to root (su).
3) Start sqlite
sqlite3 /usr/local/psa/var/modules/sslit/sslit.sqlite3
4) Run
> select id,createdDate,state,params from Notification where params like 'mydomain.de' order by id desc limit 10;
From there I suggest to delete messages for mydomain.de from the notifications queue:
> delete from Notification where params like 'mydomain.de';
5) Exit sqlite
> .quit
6) Remove the existing certificate for mydomain.de by clicking the "Unassign certificate" on the SSL page.
7) On the console remove the SSL directory if it still exists after unassigning:
mv /usr/local/psa/var/modules/sslit/etc/live/mydomain.de/ ~/
8) Reissue/reinstall a certificate for mydomain.de
 
Thanks for the quick reply.
Alas, there is nothing in either the Notification table or the PanelNotification table.
When I wrote 'frequently' I didn't mean every day but every other week.

SELECT name FROM sqlite_schema WHERE type='table' ORDER BY name;
Notification
OrderAttribute
Orders
PanelNotification
sqlite_sequence
statisticsMeasurement
version
sqlite> select * from Notification ;
sqlite> select * from PanelNotification ;
sqlite>
 
Are you sure that the mail is being sent from the server you are currently on? Could it be sent from another server where the domain was previously hosted?
 
Oops, you're right.
I hadn't thought of the fact that after my server migration email headers may look the same.
Looking at the mail source revealed that it was indeed from my old server, which is still on standby without any domains.
Mea Culpa!
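
Added example (not part of the original thread, and not Plesk code): one way to do the "look at the mail source" check above is to read the Received headers from the bottom up and compare the originating host with the names of the server you are logged in to. The sample message, hostnames (`old-server.example.net`, `new-server.example.net`, `mx.mailhost.example`) and IDs are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: hostnames, IDs and dates are made up for illustration.
SAMPLE = """\
Received: from old-server.example.net (old-server.example.net [192.0.2.10])
\tby mx.mailhost.example with ESMTPS id 0A1B2C
\tfor <admin@mydomain.de>; Wed, 15 Mar 2023 03:12:45 +0100
Received: by old-server.example.net (Postfix, from userid 0)
\tid 4F2A1C0D; Wed, 15 Mar 2023 03:12:44 +0100
From: Plesk <root@old-server.example.net>
To: admin@mydomain.de
Subject: Could not issue/renew Let`s Encrypt certificates for admin

Could not renew Let`s Encrypt certificates for admin (login admin).
"""

_COMMENT = re.compile(r"\([^()]*\)")  # RFC 5322 comment, innermost first


def received_hops(raw):
    """Return [(from_host, by_host), ...], oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split()).split(";", 1)[0]  # unfold, drop date
        while _COMMENT.search(text):  # "(Postfix, from userid 0)" must not match
            text = _COMMENT.sub(" ", text)
        frm = re.search(r"(?:^|\s)from\s+(\S+)", text, re.I)
        by = re.search(r"(?:^|\s)by\s+(\S+)", text, re.I)
        hops.append((frm.group(1).lower() if frm else None,
                     by.group(1).lower() if by else None))
    hops.reverse()  # each MTA prepends its header, so the last one is oldest
    return hops


def originating_host(raw):
    """Host that generated the mail: client of the oldest hop, else its MTA."""
    hops = received_hops(raw)
    if not hops:
        return None
    frm, by = hops[0]
    return frm or by


def sent_by_this_server(raw, local_names):
    """True if the originating host is one of this server's own names."""
    return originating_host(raw) in {n.lower() for n in local_names}


if __name__ == "__main__":
    print(originating_host(SAMPLE))
    print(sent_by_this_server(SAMPLE, {"new-server.example.net"}))
```

On a real server, pass the saved mail source and the server's own hostnames (for example the output of `hostname -f`) as `local_names`.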
 
We have the same issue after our hosting was moved from Media Temple to GoDaddy. The messages we receive are consistent, but we are unable to determine how to secure the domains manually.

Could not secure domains of admin (login admin) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
 
@Wrwebapps What domains do you mean that you need to secure manually? Where is the error message that you have quoted shown? Could you please describe this in more detail? I also suggest opening a separate thread for it, because it does not seem to be the exact same issue that the owner of this thread explained.
 