Resolved How to update the e-mail address which is used for Let's encrypt?

[King555]

Server operating system version

Ubuntu 18.04.6 LTS x64

Plesk version and microupdate number

Plesk Obsidian 18.0.x web admin edition

I changed my main e-mail address about a month ago and also changed it in the Plesk administrator account (I changed it everywhere I could). Today I see that my old address is used for Let's encrypt certificate requests. Is the address updated when the next automatic renewal occurs or is it (only) possible when I manually renew it for every domain?

 

[Kaspar]

Good question! From what I can tell after a quick experiment is that the email address used for the Let's encrypt certificate isn't updated or changed if the email address of the subscription owner (either Admin, Reseller or a Customer) gets changed.

 

[King555]

Today I searched on every SSL/TLS related page within Plesk, but the mail address cannot be changed/updated anywhere. It's a fixed entry. There were some auto-renewals in the last days, but the mail address is still the old one for every domain certificate.

Should I change it in the database of Plesk? Or is this just a bug, which I can report?

 

[Kaspar]

You can re-issue a Let's encrypt certificate and change the associated email address during the re-issue process.

 

[King555]

Thanks. This seems to be the only solution. I did that.

 

[King555]

It seems like this does not completely solve the case. When I search the "psa" database via PhpMyAdmin, I find these entries in the table "ModuleSettings" (field "name"):

ext-letsencrypt-notification-certificateAutoRenewalFailed
ext-letsencrypt-notification-certificateAutoRenewalSucceed

Both have my old mail address in the "value" field. Should I just change it in the database?

 

[Kaspar]

Are you still receiving notifications on your old email address since you've re-issued the certificate manually?

If I am not mistaken those records where used for the Lets Encrypt extension, which is no longer used. Those records store the settings from Tools & Settings > Notifications. If your (old) email address shows in the value field of those records is because it has been set to receive notifications. However the Lets Encrypt extension is replaced by SSL it! extension. I don't think those settings are used for the SSL it! extension, because it uses different records;

ext-sslit-notification-certificateAutoRenewalFailed
ext-sslit-notification-certificateAutoRenewalSucceed

 

[King555]

When I re-issued the certificates, I only got one single mail for one request (although I requested about 15 certificates). Nevertheless my new mail address was used. Further mails did not arrive, yet. I think I will have to wait some time.

If I am not mistaken those records where used for the Lets Encrypt extension, which is no longer used.

This makes sense! I guess you are right.

 

[Manfred Beck]

I have the same issue, Plesk now uses the SSL It! extension, the certificate has my admin email address but renewal reminder mails are also sent to the subscriber's admin account, which causes a lot of requests and troubles. As far as I can remember I deleted a certificate, issued a new one and had the same problem as before: mails are sent to the certificate's and the subscriber's account.
Is the something hardcoded or a business rule in the background I am not aware of?

 

[King555]

When you manually request a certificate, you can change the mail address. But of course reminders from Let's Encrypt for older requests are still sent to the old address, because these are not from your Plesk installation, but from Let's Encrypt.