• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Let's Encrypt certificate expiration notice for domain "cdn.example.com" (and 1 more)

Azurel

Azurel

Silver Pleskian
I get mails with

Hello,

Your certificate (or certificates) for the names listed below will expire in 9 days. Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See
Integration Guide - Let's Encrypt - Free SSL/TLS Certificates for details.

list-of-domains

For any questions or support, please visit Let's Encrypt Community Support. Unfortunately, we can't provide support by email.
Click to expand...

The mails are not wrong, firefox showed me it get expired in few days.

Now its expired and not secure anymore.

What happen here? Here are no errors in:

- /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log Last update is from march 2017!
- /var/log/plesk/panel.log
The last two months only messages like
ERR [panel] [Action Log] Failed login attempt with login 'admin' from IP 46.183.*.*
ERR [1] PHP Warning: Error while sending QUERY packet. PID=3281; File: /usr/local/psa/admin/externals/Zend/Db/Statement/Pdo.php, Line: 228
Click to expand...

And I can access all (sub-)domains with
http://cdn.example.com/.well-known/acme-challenge/
and
https://cdn.example.com/.well-known/acme-challenge/

In topic Let’s Encrypt Secured Plesk Not Renewing IgorG said:
# crontab -l | grep letsen
3 16 * * * /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/renew.php'
Click to expand...
My output is empty.

Tools / Schudele Tasks have the entry
/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php' for update hourly at 14min.
Is this not a very important task, so its should report by errors? Actual its set "Do not notify".

I have run it per "Run Now"-button and result was "successfully completed in 74 seconds.". AND expired domains have now a valid certificate.
I have received a mail with
Let's Encrypt certificates for ,,,, have been issued/renewed
Click to expand...
and a bunch list of domains

What is here the problem with this scheduled task? Why its not working automatically?

OS ‪CentOS Linux 7.5.1804 (Core)‬
Product Plesk Onyx Version 17.5.3 Update #54, last updated on July 24, 2018 03:23 AM
 
Last edited:
Did you check if the cron service is running?
What's the output of systemctl status crond.service
Check your cron log file at /var/log/cron if the let's encrypt cronjob is executed every day
 
I get this results

# systemctl status crond.service
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-08-07 22:14:55 CEST; 1 weeks 0 days ago
Main PID: 585 (crond)
CGroup: /system.slice/crond.service
└─585 /usr/sbin/crond -n

Aug 15 09:45:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 10:00:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 10:15:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 10:30:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 10:45:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 11:00:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 11:15:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 11:30:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 11:45:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Aug 15 12:00:01 mail crond[585]: (/opt/plesk/php/7.2/bin/php) ERROR (getpwnam() failed)
Click to expand...

This error have nothing todo with letsencrypt. I found that this is a matomo cron without user
0,15,30,45 * * * * /opt/plesk/php/7.2/bin/php /var/www/vhosts/example.com/analytics.example.com/matomo/console core:archive --url=https://analytics.example.com > /home/analytics/piwik-archive.log
I changed it to
0,15,30,45 * * * * root /opt/plesk/php/7.2/bin/php -q /var/www/vhosts/example.com/analytics.example.com/matomo/console core:archive --url=https://analytics.example.com > /home/analytics/piwik-archive.log
Now log is fine
Aug 15 12:30:01 mail CROND[12078]: (root) CMD (/opt/plesk/php/7.2/bin/php -q /var/www/vhosts/example.com/analytics.example.com/matomo/console core:archive --url=https://analytics.example.com > /home/analytics/piwik-archive.log)
Click to expand...

Why not listed letsencrypt in cron-file?
 
Last edited:
Azurel said:
In topic Let’s Encrypt Secured Plesk Not Renewing IgorG said:

My output is empty.
Click to expand...

I missed this part. Your output of crontab -l should show an entry for the Let's Encrypt job. My output is:
Code: 
# crontab -l | grep letsencrypt
36      *       *       *       *       /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php'

If you don't see this then you're probably missing the cronjob. Either install it manually or re-install the Let's Encrypt extension.
 
How I can install it manually? I wonder how this crontab can get missing. And why is here a scheduled task, when there is a crontab?
 
You may have deleted them by accident when you were logged in on the server in the shell.

The list of scheduled tasks in the Plesk interface is retrieved from the Plesk database and not from the "crontab" output. So if you change the cronjobs manually on the server you need to hit the "Refresh" button in the Plesk interface (in the Scheduled Task menu) to reflect the changes.

To add the cronjob manually, do "crontab -e" and enter the line I pasted above. Or re-install the Let's Encrypt extension.
 
Thanks for helping! Ah f*ck, I see I have accident override (a month ago) the crontab with crontab <file>. And centos/plesk make no backups from this files. That very bad.I'm so stupid.

Can anybody give me the needed content from file /var/spool/cron/root for
OS ‪CentOS Linux 7.5.1804 (Core)‬, Product Plesk Onyx Version 17.5.3 Update #54

or is this only this single line?
3 16 * * * /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/renew.php'
 
This is what I have. Please note: I'm using the Wordpress Toolkit and Let's Encrypt extensions. You may need some more cronjobs if you have some other extensions.

Code: 
MAILTO=""
36      *       *       *       *       /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php'
0       0       *       *       *       /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/wp-toolkit/scripts/instances-auto-update.php'
49      *       *       *       *       /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/wp-toolkit/scripts/maintenance.php'
 
You must log in or register to reply here.

Similar threads

sweetp
Question SSL renewed/created hook?
Replies
2
Views
409
sweetp
sweetp
M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
595
MacGyver
M
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
976
Robin McDermott
R
Back
Top