Facebook
Twitter
Hello Danilo,
Thanks for your feedback! We will look into updating this entry to make it more understandable.
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Let's Encrypt extension
- Thread starter custer
- Start date
Hello Danilo,
Thanks for your feedback! We will look into updating this entry to make it more understandable.
Here it has installed a DAILY crontab opposed to the previous version that was set to monthly, and it was only discovered now. It has also silently altered the execution time setting to "midnight". That is very bad, because we had to set a specific execution time as the extension had been causing issues on the auto-attended run every night.
We have now changed execution back to monthly and to a time where we have definitely a person on sight to make sure that in case the extension messes certificate names up as it did before someone can fix it right away. Hopefully not running this daily does not have new, unknown caveats.
EDIT: I assume that it was changed to "daily" to reduce the number of certificates that will actually be renewed on each run. This will probably improve stability, because previously, if one renewal failed or was mis-named, it caused other processes trouble.
Last edited:
U
UFHH01
Guest
Hi Peter Debik,
yes, this option recently changed... it is indeed now a DAILY crontab by default, but you may certainly modify the crontab to your own needs and desires.
yes, this option recently changed... it is indeed now a DAILY crontab by default, but you may certainly modify the crontab to your own needs and desires.
O.k., my previous thought was not complete. It is probably better to run it daily (during daytime however), because then it will only renew 1/30 of all cert certs on average compared to the previous model. The previous model took up to 45 minutes on our systems for one renewal cycle, and it gave many headaches. So probably the new model with daily renewals is the better choice. Interesting though, that despite I am on the forum daily and dealing with this stuff daily I have only now discovered that the latest update to 2.0.3 also brought the enhancement to the alias domain selection ... The only thing that is still missing is the webmail Let's Encrypt option. That's something many customers are asking for.
U
UFHH01
Guest
As I heard and read, they are still "working on it"... the current version is still not perfect, but I doubt that it will take long for a ( let's call it ) final version, with all requested features for this Extension ( apart the not-possible ones, of course! ^^ ).
Some things take a bit longer, to make you smile when they are finished!
They now have it! As of most recent LE update, I have a checkbox for www and also for webmail.
Recently all my Lets Encrypt domain certs expired and when I went to renew them (for some reason they did not auto-renew) so I tried renewing them manually, especially the main domain for the domain our plesk control panel so it would be secured, but I get this weird error message: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://galaxyserver.net/.well-known/acme-challenge/[Redacted]: Timeout
Well, there is no such directory, there never was, so I don't know what that is all about, but I get similar error messages on all the other domains/subdomains I am trying to renew my LE certs on my server.
Well, there is no such directory, there never was, so I don't know what that is all about, but I get similar error messages on all the other domains/subdomains I am trying to renew my LE certs on my server.
U
UFHH01
Guest
Hi Ryan,
Pls. CHECK your DNS - settings, which are currently for example:
Additional informations:
Pls. CHECK your DNS - settings, which are currently for example:
The directory ".well-known" and the subdirectory "acme-challenge" will be ( temporarily ) created during the Let's Encrypt - validation process. Pls. see your "panel.log" for further informations to the creation and deletion process.
Additional informations:
Sometimes, it is as well a good idea to change the log - level ( TEMPORARILY! ), to get more informations in Plesk - log - files:
U
UFHH01
Guest
Hi galaxy,
sorry, but I don't really understand, what your goal is, as your questions and descriptions are not very precise.
sorry, but I don't really understand, what your goal is, as your questions and descriptions are not very precise.
Which "hosting settings", pls. ?
There is no "automatic" option over your Plesk Control Panel to secure a domain/subdomain with a certificate. If you desire a unique procedure to do that ( when you create a domain/subdomain ), pls. consider to create a new event with the "Event Manager" ( => HOME > Tools & Settings > Event Manager ).
What I meant is that I have a domain for the company: mydomain.tld and it has a dedicated IP address.
I've created DNS entries for mail.mydomain.tld and cp.mydomain.tld which are the servers main address, not the same as mydomain.tld.
So the mail server certificate for mail.mydomain.tld expired yesterday and I'm trying to find a way to automate a SSL certificate for the mail system.
It would be a bonus to have cp.mydomain.tld have a certificate too.
Since plesk subdomains must have the same IP address as the main domain, I can't make them sub-domains of mydomain.tld.
To bypass this, I've now created a new subscription called cp.mydomain.tld with the server's IP address. I've aliased mail.mydomain.tld to cp.mydomain.tld.
It doesn't appear to create a certificate for the alias, only cp.mydomain.tld.
So I'll try making it just another domain rather than an alias or subdomain.
I've created DNS entries for mail.mydomain.tld and cp.mydomain.tld which are the servers main address, not the same as mydomain.tld.
So the mail server certificate for mail.mydomain.tld expired yesterday and I'm trying to find a way to automate a SSL certificate for the mail system.
It would be a bonus to have cp.mydomain.tld have a certificate too.
Since plesk subdomains must have the same IP address as the main domain, I can't make them sub-domains of mydomain.tld.
To bypass this, I've now created a new subscription called cp.mydomain.tld with the server's IP address. I've aliased mail.mydomain.tld to cp.mydomain.tld.
It doesn't appear to create a certificate for the alias, only cp.mydomain.tld.
So I'll try making it just another domain rather than an alias or subdomain.
U
UFHH01
Guest
Hi galaxy,
The "autorenew" - crontab for Let's Encrypt should take care of the automatic renewal of your certificates, which you are able to inspect in your "panel.log", where the Plesk Let's Encrypt Extension logs it's actions.
... and how about creating separate subscriptions with the corresponding IPs for "mail.mydomain.tld" and "cp.mydomain.tld" ?
The "autorenew" - crontab for Let's Encrypt should take care of the automatic renewal of your certificates, which you are able to inspect in your "panel.log", where the Plesk Let's Encrypt Extension logs it's actions.
U
UFHH01
Guest
Hi galaxy,
No. But you will have no difficulties to switch from "dedicated" to "shared" IP at => HOME > Tools & Settings > IP Addresses
U
UFHH01
Guest
Hi galaxy,
WHICH IPs are available to your resellers, can be defined by YOU at the reseller - service - plan(s)
Customers IP(s) are defined by YOU, when you create their subscription(s) and reseller(s) customer(s) are only able to use IP(s) defined in their reseller plan(s).
WHICH IPs are available to your resellers, can be defined by YOU at the reseller - service - plan(s)
=> HOME > Service Plans > (tab) Reseller Plans > YOUR-RESELLER-PLAN-NAME > ( tab) IP Addresses
Customers IP(s) are defined by YOU, when you create their subscription(s) and reseller(s) customer(s) are only able to use IP(s) defined in their reseller plan(s).
U
UFHH01
Guest
Hi galaxy,
if you desire support for "Odin Business Automation", pls. visit: => Customer Service and Support - Odin
if you desire support for "Odin Business Automation", pls. visit: => Customer Service and Support - Odin
This plugin has nothing to do with OBAS. Not sure where you're going with this. I don't want to put this administrative stuff into the billing system. It doesn't support the extension anyway.
I'm sure (when I get the chance), I'll get the second domain working after LE lets me. LE errors, too many attempts... Just need to wait it out.
I'm sure (when I get the chance), I'll get the second domain working after LE lets me. LE errors, too many attempts... Just need to wait it out.
U
UFHH01
Guest
Hi galaxy,
Well, sorry, but it was YOU, who brought up "OBAS"... I just wanted to make sure, that we can't give you any support for "OBAS" here at the Plesk Community Forum, as this product is not from Plesk.
