Let's Encrypt Directives Left Over in NGINX.conf when moving to other SSL options.

[J.Wick]

Server operating system version

Rocky Linux 8.6

Plesk version and microupdate number

Version 18.0.51

I moved to another SSL option and noticed that all the Let's Encrypt directives are left behind in the nginx.conf file.

Do you know if this is a bug?

How can I remove it since this is a regenerative file?

        #extension letsencrypt begin
        location ^~ /.well-known/acme-challenge/ {
                root /var/www/vhosts/default/htdocs;

                types { }
                default_type text/plain;

                satisfy any;
                auth_basic off;
                allow all;

                location ~ ^/\.well-known/acme-challenge.*/\. {
                        deny all;
                }
        }
        #extension letsencrypt end

        #extension sslit begin

        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

        #OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        #extension sslit end

        #extension sectigo begin
        location ^~ /.well-known/pki-validation/fileauth.txt {
                try_files $uri $uri/ =404;
        }

        location ^~ /.well-known/pki-validation/ {
                root /var/www/vhosts/default/htdocs;

                types { }
                default_type text/plain;

                satisfy any;
                auth_basic off;
                allow all;

                location ~ ^/\.well-known/pki-validation.*/\. {
                        deny all;
                }
        }
        #extension sectigo end

 

[Peter Debik]

Seems to be correct for me. The .well-known path is a standard path that can exist or not. It does not hurt the configuration, not really a bug.

 

[J.Wick]

Seems to be correct for me. The .well-known path is a standard path that can exist or not. It does not hurt the configuration, not really a bug.

It doesn't make sense to have old settings for a service that was removed. I suggest it was a bug because when you uninstall something, all traces and settings of it should be properly removed. Do you know where these settings are being pulled from when the plesk repair command is executed?

 

[Peter Debik]

In your case they'll be a result from the active "Let's Encrypt" extension and the "SSLIt" extension. The fact that you are not using a certificate from them does not mean that the configuration cannot be present, because if you decided to add a certificate from there, the web server must be able to deliver a token to the domain-validation service of Let's Encrypt. What you can try is to completely remove the SSLIt and the Let's Encrypt extensions and then reconfigure the web server configuration files.

 

[scsa20]

I suggest it was a bug because when you uninstall something, all traces and settings of it should be properly removed.

That is not always the case. There is many applications on both Linux and Windows where when you remove an application/package, the settings and/or config files would still be left behind and this is usually because if you later decide to reinstall the application it could refer to the old settings if not simply override them. Plus settings like those will not cause any performance impacts to begin with and thus it's considered a nonissue.

 

[MarkM]

That is not always the case. There is many applications on both Linux and Windows where when you remove an application/package, the settings and/or config files would still be left behind and this is usually because if you later decide to reinstall the application it could refer to the old settings if not simply override them. Plus settings like those will not cause any performance impacts to begin with and thus it's considered a nonissue.

Totally agree with this, however, still personally prefer a middle ground - being prompted on uninstall if I would also like to remove all settings/configuration.

 

[scsa20]

personally prefer a middle ground - being prompted on uninstall if I would also like to remove all settings/configuration.

If only we lived in a perfect world lol.

Not gonna lie, though, applications that does not remove the configs and such actually saved me the hassle when I had to redeploy a unifi controller and Azure AD Connect quite a few times.