Issue Let's Encrypt Certificate Expiration note (Mail cert)

[ManuelGDot]

Hi,

I'm getting a daily expiration mail from Let's Encrypt for a while about one Mailserver certificate that is about to expire in couple of days from now. I've been digging a bit but cannot find the cause. As I've read the cert should auto-renew.

I've configured logging for the Lets Encrypt Extension and later checked the panel.log. There's indeed logged errors, but not for this mail domain, it's for another Domain that is no longer registered but hasn't been deleted from the panel yet.

Not sure what to try next. All other certs seem to renew without issue, no logged error for this cert or the Let's Encrypt extension (did more panel.log | grep encrypt).

Thanks.

 

[UFHH01]

Hi ManuelGDot,

but hasn't been deleted from the panel yet

You are getting these eMails from Let's Encrypt itself and you should be able to stop these notifications by deleting the corresponding certificate, which then should update with a revoke command to the Let's Encrypt authority.

Unfortunately, there is no such option ( not yet ) to revoke a Let's Encrypt certificate over the Plesk Control Panel, but please feel free to vote for such a ( possible ) feature request at: => Feature Suggestions (1643 ideas) – Your Ideas for Plesk

 

[ManuelGDot]

Thanks for your response, but that "dead" cert sn't my real problem - it's just the only error message found in the log about certs.

The real problem is the mail.myserver.tld - certificate for which I'm receiving these expiration mails. I'm unsure how to interpret your response, please clarify:
1.) Where you saying there's no real problem, except for the messages I'm receiving?
2.) Or where you saying that there actually is a known problem but no way yet to resolve it?

If it's 2) and there's no real solution yet, how about creating a subdomain "mail" for myserver.tld and issuing a new Let's Encrypt cert that way? Would that possibly work and solve the issue?

 

[UFHH01]

Hi ManuelGDot,

you stated:

There's indeed logged errors, but not for this mail domain

so...

1.) Where you saying there's no real problem, except for the messages I'm receiving?

... should be the correct assumption.

If you need further assistance for such eMails, sent by Let's Encrypt, I can only recommend to either use the "original" certbot ( => Certbot ) from Let's Encrypt ( as there is a "revoke" - option included => User Guide — Certbot 0.18.0.dev0 documentation ), or you might be interested in asking for help at the official Let's Encrypt Community Forum, if they have any idea => Let's Encrypt Community Support


Actually, apart from the fact, that I never received eMails from Let's Encrypt, I indeed use the configuration for an additional subdomain "mail.exampledomain.com" for each domain, as I use Let's Encrypt certificates for all hosted domains on a server at the "master.cf" - configuration ( example: => #2 ).

 

[ManuelGDot]

The certificate in question was indeed about to expire, so the message by Let's Encrypt was correct.

Via the "subdomain workaround" I was able now to renew the certificate. If anyone else is facing the same issue, this is an easy solution: Just create a subdomain mail.domain.tld, select the mailserver-cert and click the renew-button.