• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Let's encrypt auto renewal server pool?

Matthl

Basic Pleskian
Hi,

i have secured plesk and mail server (not webmail) by clicking on the '+ Let's encrypt' in "Tools and Settings - SSL/TLS Certificates" and typing in the hostname (=mailserver) in Field "Domain:".
This created a "Let's encrypt certificate" for the hostname (=mailserver) which is listed in "List of certificates in server pool" and it works fine so far.

My question:
Will this certificate be in the automatic renewal cron job which updates the domains certificates?
The cron job is listed in scheduled tasks, but i can't find out which certificates it renews. Can i list them somewhere? Manually starting the cron's command generates no output. Panel.ini is already modified with
Code:
[ext-letsenrypt]
log-requests = true

Kind regards
Matthl
 
God bless those who can read. It states "The certificate will be renewed automatically every month." above the certificate creation form.

Anyway. Where can i control which certificates are renewed?
 
...Where can i control which certificates are renewed?
Our experience so far with Let's Encrypt and Plesk is pretty good and may be helpful for you? Assumimg that you have the extension, you can renew any Let's Encypt Certificate manually within the Plesk panel itself (it's very easy to do) or just allow it to renew itself automatically. You should receive a couple of renew.bot type e-mails from Let's Encrypt giving you plenty of notice about their renewal dates, which makes it very simple. Effectively this means that you won't be controling which certificates are renewed if they are Let's Encrypt certificates, as they will all renew automatically by default, but any non-Let's Encrypt certificates are different. You will usually need to make those renewals happen yourself (we certainly have). In our case, there's still some small challenges with the associated record sets updating in sync, after their sucessful renewals, but hopefully that will be solved very shortly.
 
Thank you for the given information.

With "automaticalIy by itself" and additional notification mails (didn't know they exist) i should be fine, then.
 
Hi friends,

I've found out that certificates created in the server pool are neither listed under the view of the extensions nor they are renewed automatically.
 
I've found out that certificates created in the server pool are neither listed under the view of the extensions nor they are renewed automatically.
Yes, that is known already (but maybe it's not easy to find anywhere online etc) to be fair.

We use a GeoTrust * wildcard SSL certificate on one domain and Let's Encrypt certificates on all the other domains. The primary domain runs a sub-domain that is used as the server's full hostname and therefore, we don't use or need to renew any server pool certificates, so this doesn't affect us. Your setup / experience may vary ;)

Next year, Let's Encrypt will offer * wildcard certificates too, but with some sensible caveats (but these should still be free, like their existing single domain certificates and not chargeable like GeoTrust etc) Assuming that the new Let's Encrypt * wildcard setup works well and we switch from using 98% Let's Encrypt to using 100% Encrypt, we still wouldn't need to renew any server pool certificates, as our current GeoTrust * wildcard setup would be replaced by Let's Encrypt, which already works well on all our 'normal' domains so far.
 
Back
Top