Question Help a newbie with letsencrypt SSL for securing plesk

[GuiltySpark]

Hi,

I'm using Plesk Onyx Version 17.0.17 Update #23.

Its a hosted environment running CentOS 7.

I was having trouble installing an SSL for plesk when I first configured the system (I had already set one up for the main site), the tech support guy at the hosting company said he would do it for me. So he installed a letsencrypt certificate for plesk.

Its been working fine, however its 3 months on and its now expired. There is a schedule task in plesk that (supposedly) runs daily. I ran it manually and plesk says it ran successfully however the certificate is still invalid.

I tried to go back to the tech support guys but this is now "out of their scope for support" despite them installing it in the first place.

Can anyone help me? I've had a look at the letsencrypt site but of course this is inside of plesk so its not exactly the same.

Thanks in advance

 

[UFHH01]

Hi GuiltySpark,

there was a recent change for the log - location for the Plesk Let's Encrypt Extension:

2.0.3 (13 April 2017)

• The extension now logs its communication with the Let's Encrypt servers in the "panel.log". This enables better troubleshooting when there are some issues with requesting a certificate.

Pls. consider to INSPECT the "panel.log", in order to investigate your issue and the root cause. If you need help here, you have to provide the corresponding log - entries, so that people willing to help you have something to start with their investigations.

 

[GuiltySpark]

UFHH01, thanks for the info, I'm very new to plesk so I didn't even know that log existed, I can see a bunch of errors which I will work through. Because I am so new I'm kinda nervous about sharing the log and exposing my site..

But a real help would be an answer to a question. I have a VeriSign SSL configured for my site and that works fine. I have a second certificate for securing plesk (it's a let's encryot cert.), is this normal? Why do I need two certificates for the one site?

 

[UFHH01]

Hi GuiltySpark,

I have a second certificate for securing plesk (it's a let's encryot cert.), is this normal?

The Plesk Control Panel is reachable over two ports "8443" ( https ) and "8880" ( http ). The standart installation only delivers a so called "self-signed" Plesk certificate for the usage at port "8443", which is insecure and should be replaced by one of these options:

• A bought certificate
• a free Let's Encrypt certificate

Plesk installation routines are not able to apply a valid certificate automatically - the admin has to interfere here.
Plesk has it's OWN webserver ( sw-cp-server ), while your domain(s) use apache ( and nginx, if you use the combination ) - each webserver needs own configuration files.


In addition, you don't have to be "nervous" about server IPs and FQDNs - these are always public informations and no sensitive data. If you still would like to be anonymous, just replace the IPs with "XXX.XXX.XXX.XXX" and the domain(s) with "YOUR-DOMAIN.COM" in attached logs, or corresponding informations in your post(s).