1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Resolved Let's Encrypt extension

Discussion in 'Plesk Extensions' started by custer, Feb 15, 2016.

  1. custer

    custer Administrator Staff Member

    33
     
    Joined:
    Apr 24, 2007
    Messages:
    593
    Likes Received:
    101
    Hi everyone,

    We have released the new version of Let's Encrypt extension - v1.3.

    Changes include:
    1. Debian 6 is now supported
    2. No more conflicts with alt-python-virtualenv on CloudLinux
    3. Extension now ignores unsupported domains:
      1. Inactive (disabled/suspended) domains
      2. Wildcard subdomains
      3. Domains without web hosting
      4. IDN domains
    4. Fixed PHP Warning: Invalid argument supplied for foreach
    5. Users can now secure Plesk with www. prefix in hostname (https://github.com/plesk/letsencrypt-plesk/issues/11#issuecomment-180232416)
    6. Store CLI options for certificate renewal (https://github.com/plesk/letsencrypt-plesk/issues/46)
    Coming next: Let's Encrypt on Windows!
     
    Dukemaster, Mouaz and DennisAm like this.
  2. DennisAm

    DennisAm Basic Pleskian

    13
     
    Joined:
    Jun 22, 2013
    Messages:
    30
    Likes Received:
    0
    Location:
    Netherlands
    Great to see that a Windows version is in the works! Looking forward :)
     
  3. trialotto

    trialotto Golden Pleskian Plesk Guru

    37
     
    Joined:
    Sep 28, 2009
    Messages:
    1,446
    Likes Received:
    206
    @DennisAm

    There are already some possibilities to get the LE certification process working on Win based systems, as opposed to run the LE binary on a linux machine and then implementing the certificates (more or less) manually in IIS.

    Have a look at the ACMESharp project on Github and/or use Certify for Windows (currently in alpha state).

    Nevertheless, the integration with Plesk Panel is something that should be waited for (even though that should become more easy with before mentioned Github project).

    Regards.......

    PS If you want to, just start a personal conversation......in Dutch (mag best, kan ik ook lezen).
     
    Dukemaster likes this.
  4. custer

    custer Administrator Staff Member

    33
     
    Joined:
    Apr 24, 2007
    Messages:
    593
    Likes Received:
    101
    Dukemaster likes this.
  5. DennisAm

    DennisAm Basic Pleskian

    13
     
    Joined:
    Jun 22, 2013
    Messages:
    30
    Likes Received:
    0
    Location:
    Netherlands
    @trialotto
    Thanks for your reply. I was aware of that and had an alternative running, but Plesk didn't show those certificates because they were not created using Plesk. That also means that they won't get included into backups, which makes it harder to set up SSL when a restoration is needed.

    @custer
    Thanks so much! Very happy to read that Let's Encrypt is now also available on Windows.
    However, I get the following error when trying to install the extension:

    Failed to install the extension: Executing C:\Program Files (x86)\Parallels\Plesk\admin\plib\modules\letsencrypt\scripts\post-install.php failed: Traceback (most recent call last): File "C:\Program Files (x86)\Parallels\Plesk\python\lib\runpy.py", line 162, in _run_module_as_main "__main__", fname, loader, pkg_name) File "C:\Program Files (x86)\Parallels\Plesk\python\lib\runpy.py", line 72, in _run_code exec code in run_globals File "C:\Program Files (x86)\Parallels\Plesk\python\lib\site-packages\virtualenv.py", line 2380, in main() File "C:\Program Files (x86)\Parallels\Plesk\python\lib\site-packages\virtualenv.py", line 853, in main symlink=options.symlink) File "C:\Program Files (x86)\Parallels\Plesk\python\lib\site-packages\virtualenv.py", line 1021, in create_environment site_packages=site_packages, clear=clear, symlink=symlink)) File "C:\Program Files (x86)\Parallels\Plesk\python\lib\site-packages\virtualenv.py", line 1187, in install_python mkdir(lib_dir) File "C:\Program Files (x86)\Parallels\Plesk\python\lib\site-packages\virtualenv.py", line 469, in mkdir os.makedirs(path) File "C:\Program Files (x86)\Parallels\Plesk\python\lib\os.py", line 157, in makedirs mkdir(name, mode) WindowsError: [Error 5] Access Denied: 'Lib'
     
  6. custer

    custer Administrator Staff Member

    33
     
    Joined:
    Apr 24, 2007
    Messages:
    593
    Likes Received:
    101
    Hi Dennis,

    Just in case: have you installed Plesk 12.5 MU#24 before installing the extension?
     
    Dukemaster likes this.
  7. DennisAm

    DennisAm Basic Pleskian

    13
     
    Joined:
    Jun 22, 2013
    Messages:
    30
    Likes Received:
    0
    Location:
    Netherlands
    Yep, forgot to mention that. My apologies.

    I'm running Windows Server 2012 R2, Plesk 12.5.30 Update #24.

    Plesk displays that an error occurred during the installation of the extension, but also mentions that the extension was successfully installed (see screenshot below).
    When I try to run Let's Encrypt from wihtin a subscription, I get the error "Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: The system could not find the path specified."

    plesk.png
     
  8. Kingsley

    Kingsley Regular Pleskian

    21
    73%
    Joined:
    Dec 13, 2014
    Messages:
    473
    Likes Received:
    18
    Location:
    Nigeria
    Sub domain support?
     
  9. custer

    custer Administrator Staff Member

    33
     
    Joined:
    Apr 24, 2007
    Messages:
    593
    Likes Received:
    101
  10. trialotto

    trialotto Golden Pleskian Plesk Guru

    37
     
    Joined:
    Sep 28, 2009
    Messages:
    1,446
    Likes Received:
    206
    @custer (and @everyone interested),

    Subdomain support is already present.

    However, there are two ways of "thinking of subdomain support":

    1) having a LE certificate for (only) sub.domain.tld: this is not supported (and should not be supported, in the light of security considerations)

    2) having a LE certificate for domain.tld and associated (one or multiple) sub.domain.tld: this is supported, with the following notes

    - domain.tld and (all) sub.domain.tld share the same LE certificate,
    - the Let´s Encrypt interface is not quite convenient to assign the LE certificate,
    - one can use the CLI for the Let´s Encrypt extension to assign the LE certificate to domain.tld and (one or multiple) sub.domain.tld,
    - the usage of the CLI allows, in theory, to define (one or multiple) sub.domain.tld for which you want to use the LE certificate,

    and the above is the status quo, as far as I am aware of, I can be mistaken.

    Note that the widly demanded for "wildcard subdomain support" (read: subdomain support for *.domain.tld) is not the same as "subdomain support" (read: support for sub.domain.tld).

    In essence, the "wildcard" approach is a lazy definition style, as opposed to the explicit style of defining the sub.domain.tld.

    Let´s Encrypt does not or does not yet support the wildcard subdomain support, as far as I know of (and, again, it should not be supported, for security considerations).

    However, one can use the CLI for the Let´s Encrypt extension to define multiple domains or subdomains at once, a so-called "for loop" is not even necessary.

    Regards....
     
    Dukemaster and Kingsley like this.
  11. Eddie Spoon

    Eddie Spoon New Pleskian

    0
    20%
    Joined:
    Apr 22, 2016
    Messages:
    4
    Likes Received:
    0
    Can it be used for email? One of our biggest support issues is users who can't use port 25 but then have to put up with self signed SSL warnings.
     
  12. EugeneKazakov

    EugeneKazakov Basic Pleskian Staff Member

    19
     
    Joined:
    Aug 22, 2012
    Messages:
    99
    Likes Received:
    7
    Dukemaster likes this.
  13. Eddie Spoon

    Eddie Spoon New Pleskian

    0
    20%
    Joined:
    Apr 22, 2016
    Messages:
    4
    Likes Received:
    0
  14. mrkman

    mrkman New Pleskian

    15
    85%
    Joined:
    Mar 25, 2011
    Messages:
    9
    Likes Received:
    0
    I am running version 1.5. I have noticed that once Let's Encrypt is enabled/applied to a domain name, there is *no* way to turn off the Let's Encrypt SSL certificate for that domain name. Can a button be added so it can be disabled/removed please?
     
  15. custer

    custer Administrator Staff Member

    33
     
    Joined:
    Apr 24, 2007
    Messages:
    593
    Likes Received:
    101
    Go to Hosting Settings on a domain and choose a different certificate or no certificate at all. This will effectively "turn off" Let's Encrypt for this domain.
     
    Dukemaster likes this.
  16. mrkman

    mrkman New Pleskian

    15
    85%
    Joined:
    Mar 25, 2011
    Messages:
    9
    Likes Received:
    0
    Cool man thanks!
     
  17. trialotto

    trialotto Golden Pleskian Plesk Guru

    37
     
    Joined:
    Sep 28, 2009
    Messages:
    1,446
    Likes Received:
    206
    @mrkman (and @custer)

    An answer has already been given by @custer and that procedure should be followed, but that is not all.

    In addition, one should delete the let´s encrypt certificates in order to prevent that the LE extension updates the (unused) LE certificates in the background.

    That is a whole different story: it requires some digging and working with SSH.

    In short, a disable/remove button should be introduced into the LE extension.

    Regards......
     
  18. Larsm

    Larsm Basic Pleskian

    11
    35%
    Joined:
    Oct 17, 2016
    Messages:
    65
    Likes Received:
    17
    Location:
    germany
    hi,

    i have this Problem with letsencrypt: What cabn i do??

    Code:
    Fehler bei der Ausführung von /opt/psa/admin/plib/modules/letsencrypt/scripts/pre-uninstall.php. Der Exitcode lautet 1 und die Ausgabe ist: [2016-10-27 13:05:13] ERR [extension/letsencrypt] Cannot uninstall scheduled task renew_certificates with error: Object not found: 0x
    [2016-10-27 13:05:14] ERR [panel] Execution le-installer has failed with exit code 100, stdout: , stderr: E: Unable to locate package plesk-letsencrypt-pre
    :
    0: /opt/psa/admin/plib/pm/ApiCli.php:150
        pm_ApiCli::_filterResult(string 'le-installer', integer '100', string '', string 'E: Unable to locate package plesk-letsencrypt-pre
    ', integer '5')
    1: /opt/psa/admin/plib/pm/ApiCli.php:143
        pm_ApiCli::_execCommand(string 'le-installer', string ''/opt/psa/admin/bin/modules/letsencrypt/le-installer'  'remove'', integer '5', array)
    2: /opt/psa/admin/plib/pm/ApiCli.php:91
        pm_ApiCli::callSbin(string 'le-installer', array)
    3: /opt/psa/admin/plib/modules/letsencrypt/library/Installer.php:96
        Modules_Letsencrypt_Installer::cleanup()
    4: /opt/psa/admin/plib/modules/letsencrypt/scripts/pre-uninstall.php:6
    ERROR: pm_Exception_ResultException: Execution le-installer has failed with exit code 100, stdout: , stderr: E: Unable to locate package plesk-letsencrypt-pre
     (ApiCli.php:150)
    When i reinstall this extension i got this:

    Code:
    Fehler bei der Ausführung von /opt/psa/admin/plib/modules/letsencrypt/scripts/post-install.php. Der Exitcode lautet 1 und die Ausgabe ist: 
     
  19. vlikhtanskiy

    vlikhtanskiy Regular Pleskian Staff Member

    24
    40%
    Joined:
    Aug 6, 2012
    Messages:
    279
    Likes Received:
    29
    Hi @Larsm!

    Could you provide more details: What is output of command #plesk version ?
     
  20. TomBoB

    TomBoB Regular Pleskian

    17
    35%
    Joined:
    Jan 24, 2014
    Messages:
    133
    Likes Received:
    15
Loading...