• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Let's Encrypt Directives Left Over in NGINX.conf when moving to other SSL options.

J.Wick

Regular Pleskian
Server operating system version
Rocky Linux 8.6
Plesk version and microupdate number
Version 18.0.51
I moved to another SSL option and noticed that all the Let's Encrypt directives are left behind in the nginx.conf file.

Do you know if this is a bug?

How can I remove it since this is a regenerative file?

Code:
        #extension letsencrypt begin
        location ^~ /.well-known/acme-challenge/ {
                root /var/www/vhosts/default/htdocs;

                types { }
                default_type text/plain;

                satisfy any;
                auth_basic off;
                allow all;

                location ~ ^/\.well-known/acme-challenge.*/\. {
                        deny all;
                }
        }
        #extension letsencrypt end

        #extension sslit begin

        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

        #OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        #extension sslit end

        #extension sectigo begin
        location ^~ /.well-known/pki-validation/fileauth.txt {
                try_files $uri $uri/ =404;
        }

        location ^~ /.well-known/pki-validation/ {
                root /var/www/vhosts/default/htdocs;

                types { }
                default_type text/plain;

                satisfy any;
                auth_basic off;
                allow all;

                location ~ ^/\.well-known/pki-validation.*/\. {
                        deny all;
                }
        }
        #extension sectigo end
 
Seems to be correct for me. The .well-known path is a standard path that can exist or not. It does not hurt the configuration, not really a bug.
 
Seems to be correct for me. The .well-known path is a standard path that can exist or not. It does not hurt the configuration, not really a bug.

It doesn't make sense to have old settings for a service that was removed. I suggest it was a bug because when you uninstall something, all traces and settings of it should be properly removed. Do you know where these settings are being pulled from when the plesk repair command is executed?
 
In your case they'll be a result from the active "Let's Encrypt" extension and the "SSLIt" extension. The fact that you are not using a certificate from them does not mean that the configuration cannot be present, because if you decided to add a certificate from there, the web server must be able to deliver a token to the domain-validation service of Let's Encrypt. What you can try is to completely remove the SSLIt and the Let's Encrypt extensions and then reconfigure the web server configuration files.
 
I suggest it was a bug because when you uninstall something, all traces and settings of it should be properly removed.
That is not always the case. There is many applications on both Linux and Windows where when you remove an application/package, the settings and/or config files would still be left behind and this is usually because if you later decide to reinstall the application it could refer to the old settings if not simply override them. Plus settings like those will not cause any performance impacts to begin with and thus it's considered a nonissue.
 
That is not always the case. There is many applications on both Linux and Windows where when you remove an application/package, the settings and/or config files would still be left behind and this is usually because if you later decide to reinstall the application it could refer to the old settings if not simply override them. Plus settings like those will not cause any performance impacts to begin with and thus it's considered a nonissue.

Totally agree with this, however, still personally prefer a middle ground - being prompted on uninstall if I would also like to remove all settings/configuration.
 
personally prefer a middle ground - being prompted on uninstall if I would also like to remove all settings/configuration.
If only we lived in a perfect world lol.

Not gonna lie, though, applications that does not remove the configs and such actually saved me the hassle when I had to redeploy a unifi controller and Azure AD Connect quite a few times.
 
Back
Top