
Resolved Could not issue/renew Let`s Encrypt certificates

LordLiverpool

Basic Pleskian
Hello Plesk.

I use the Let's Encrypt plugin to issue SSL certificates for all the domains hosted on my Plesk Server.

After 60 days have passed I get an email to say:

Could not renew Let`s Encrypt certificates for xxxxxxxxxx (login admin). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt example.com' [days to expire: 29]
[-] *.example.com
[-] example.com

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxxxx.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403

Detail: Incorrect TXT record "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" found at _acme-challenge.example.com

I have to manually renew the certificate by adding a TXT to the DNS records of all the domains.

I used a third-party Web Registrar for domain registration and DNS.

I set up a cron job to auto-renew the certificates for me. But I still get the emails.

Do I need to manage DNS on my Plesk server myself?

If so can anyone link me a solution, please?

Thanks in advance!
 
I think this great video by Plesk on YouTube has shown me the missing pieces to the puzzle.
I'll report back if I get it to work.

Thanks.
 
Sorry for the slow reply, it took a week for my Web Registrar to create glue records for me. (More on this below.)

To recap:

60 days after manually renewing a Let's Encrypt certificate I'd get an email from Let's Encrypt to say it needs renewing again.

* 'Lets Encrypt example.com' [days to expire: 29]
[-] *.example.com
[-] example.com

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxxxx.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403

Detail: Incorrect TXT record "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" found at _acme-challenge.example.com

I found this Plesk article on setting up a cron job to do this for me.
How to make sure that Cron task for renewing Let's Encrypt certificates is present in Plesk?

I'm on version 2.10.0-621 of the Let's Encrypt Extension

So I created a cron job to run the script renew.php


Despite waiting for the cron job to run itself and also manually running the script (I clicked Run Now)


I get another email the very next day from Let's Encrypt to say the certificate still needs renewing.

Then it occurred to me the problem is probably because my Web Registrar hosts my DNS.
And the script renew.php obviously can't access and amend their records.

I found this Plesk Video:

And based on what it said, I asked my web registrar. I explained my predicament and they agreed to create 2 glue records for me.
There was no option to do this myself within their admin/client dashboard, so I had to wait around for a week.
Anyway, they created two glue records, similar to this:
  • ns1.mydomain.com
  • ns2.mydomain.com
And more than 24 hours have passed to allow for DNS propagation.

The aim (as stated in the Plesk video) was to glue their DNS Records to my Plesk Server's IP address.

I also amended the DNS settings for the domain in question within my Plesk Server.
Websites & Domains > Domain > DNS Settings.

I added two corresponding NS records to the DNS zone for the domain.
But I got a warning that I don't understand?!?


The DNS zone was modified. If you would like to apply changes in the DNS template to this zone, either click the 'Apply DNS Template Changes' button on this page or go to the Server Administration Panel > Tools & Settings > DNS Template Settings > Apply DNS Template Changes and choose the 'Apply the changes to all zones' option.

I found this article:
Apply DNS Template Changes? I don't understand this.

But it's ambiguous and I am unsure what to do? I want to amend the zone, but do I want to amend all zones?!? confusing!

MxToolBox
I just checked on MxToolBox and the nameservers are still the old ones.
I will get back in touch with my web registrar.

What am I missing? Do I need to do anything else?

Can anyone help me to get Let's Encrypt to automatically renew itself, please?

Thanks very much.

Any help is appreciated.
 
I finally got this fixed.

I watched this great video that really helped me to understand the DNS settings on my Plesk Server:

When my web registrar created glue records I was able to use the DNS within my Plesk server.
Then Let's Encrypt was able to automatically update itself.

It's a shame no one on this forum was able/prepared to help.
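
The following is an added example, not part of the thread and not Plesk's or the extension's code: a Python sketch of the DNS-01 comparison defined in RFC 8555 that produces the "Incorrect TXT record" error quoted above, including the detail that `example.com` and `*.example.com` are both validated at `_acme-challenge.example.com` and each needs its own TXT value. The tokens, the account thumbprint and the published records are constructed sample values, and `diagnose` is a hypothetical helper name.

```python
import base64
import hashlib

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value the CA expects for a DNS-01 challenge (RFC 8555, section 8.4)."""
    key_authorization = f"{token}.{account_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def challenge_name(identifier: str) -> str:
    """Validation name; a wildcard is validated at its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".")

def diagnose(tokens_by_identifier, account_thumbprint, published_txt):
    """Compare what the authoritative DNS serves with what each authorization expects.

    published_txt maps a DNS name to the TXT strings served there (for
    instance collected with dig against the authoritative nameserver).
    Returns {identifier: "ok" | "incorrect" | "missing"}.
    """
    result = {}
    for identifier, token in tokens_by_identifier.items():
        found = published_txt.get(challenge_name(identifier), [])
        expected = dns01_txt_value(token, account_thumbprint)
        if expected in found:
            result[identifier] = "ok"
        elif found:
            # A record exists but belongs to another order, e.g. one left
            # at an external DNS host after an earlier manual renewal.
            result[identifier] = "incorrect"
        else:
            result[identifier] = "missing"
    return result

# Constructed sample data (not real tokens or a real account key).
THUMBPRINT = b64url(hashlib.sha256(b"constructed-account-key").digest())
TOKENS = {"example.com": "tokenA_constructed", "*.example.com": "tokenB_constructed"}
NAME = "_acme-challenge.example.com"

if __name__ == "__main__":
    stale = {NAME: ["value-left-from-last-manual-renewal"]}
    print(diagnose(TOKENS, THUMBPRINT, stale))
    fresh = {NAME: [dns01_txt_value(t, THUMBPRINT) for t in TOKENS.values()]}
    print(diagnose(TOKENS, THUMBPRINT, fresh))
```

A renewal job that cannot write to the zone the CA actually queries leaves the old value in place, which is the "incorrect" case here.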
 