• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Forwarded to devs Let's Encrypt certificate renewal domain aliases get lost

Hangover2

Hangover2

Regular Pleskian
TITLE:
Let's Encrypt certificate renewal domain aliases get lost
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
‪Debian 9.8‬ amd64, ‬Plesk Onyx, Version 17.8.11 Update #44
PROBLEM DESCRIPTION:
If a Let's Encrypt certificate - containing domain aliases - is renewed automatically, the selected domain aliases get lost as part of the certificate.​
STEPS TO REPRODUCE:
Create a Let's Encrypt certificate containing domain aliases.E.g.:

example.com
Selected domain aliases: alias.example.com

The generated cert.pem will contain both domains:
[...]
DNS:example.com, DNS:alias.example.com
[...]

30 days before the expiration date the certificate gets renewed automatically.​
ACTUAL RESULT:
The newly generated cert.pem will not contain the server aliases anymore:
[...]
DNS:example.com
[...]​
EXPECTED RESULT:
The newly generated cert.pem should contain the same domains like before:
[...]
DNS:example.com, DNS:alias.example.com
[...]​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
With the latest extension update of Let’s Encrypt to version 2.8.0 the problem is fixed:

If a certificate secures a domain plus a subdomain that is an alias for the domain (alias.example.com), the certificate is now correctly automatically renewed without excluding the alias SAN. (EXTLETSENC-626)
 
You must log in or register to reply here.

Similar threads

M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
611
MacGyver
M
W
Question Wanted: Best practice for certificates (Lets Encrypt) two separate Plesk servers for www and mail
2
Replies
20
Views
2K
W4ru
W
D
Question Renewing Let's encrypt automatically
Replies
6
Views
2K
iainh
I
Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2 3
Replies
48
Views
21K
gsk
gsk
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
Back
Top