1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Resolved Let's Encrypt extension

Discussion in 'Plesk Extensions' started by custer, Feb 15, 2016.

  1. teckna

    teckna Basic Pleskian

    25
    73%
    Joined:
    Nov 17, 2006
    Messages:
    53
    Likes Received:
    0
    guys.. All domains on my plesk server now have the same date for the letsencrypt cert. 17 Mar 2016 - 17 Mar 2021. One example is https://brightside.bike , when you look at cert it runs from today until Jan 2018.
    OS ‪CentOS 6.9 (Final)‬
    Product Plesk Onyx
    Version 17.5.3 Update #25
     
  2. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi teckna,

    Are you aware, that Let's Encrypt certificates are only valid for 90 days?

    => FAQ - Let's Encrypt - Free SSL/TLS Certificates
     
  3. teckna

    teckna Basic Pleskian

    25
    73%
    Joined:
    Nov 17, 2006
    Messages:
    53
    Likes Received:
    0
    Here is a screen shot of the first 4 according to plesk they run 17 Mar 201617 Mar 2021

    Security Advisor - Plesk Onyx 17.5.3

    it shows:
    blog.print-print.co.uk
    bostongilmore.com
    brightside.bike
    cakesofgoodtaste.co.uk

    All certs are actually (you can view site and check) 16th Oct 2017 to 14 Jan 2018

    They all now start 16th Jan as I renewed the lot hoping it would change the dates :)

    Andy
     
  4. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi teckna,

    this is a ( temporary ) display - bug, which should be fixed within one of the nearest updates. Thank you for notifying.
     
  5. teckna

    teckna Basic Pleskian

    25
    73%
    Joined:
    Nov 17, 2006
    Messages:
    53
    Likes Received:
    0
    no problem .. it still works, which is the main thing :)))))
     
  6. Danilo Schwabe

    Danilo Schwabe Basic Pleskian

    10
    85%
    Joined:
    Apr 18, 2017
    Messages:
    57
    Likes Received:
    8
    Location:
    Berlin
    Thanks for the new version.

    BUT we are still missing the feature to request ONE single certificate within a subscription where one can select domains, subdomains, aliases as possible alternative names. Currently it is only possible to add aliases, which does not really make sense. We run into certificate request limits quiet often, since we have many customers who have a lot subdomains, that could go all into the same certificate.

    To add several domains and subdomains also into one certificate was requested a while ago already. Is this at least on the roadmap already?

    Thanks!
     
  7. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Danilo Schwabe likes this.
  8. Tony Herman

    Tony Herman New Pleskian

    1
    60%
    Joined:
    Oct 24, 2017
    Messages:
    2
    Likes Received:
    1
    Location:
    Madison, WI
    Hello, I didn't see anyone asking for this (hopefully this hasn't been covered yet) but is there a way to turn off the email sent to the Plesk account owner?

    We set the email address in the admin panel under Let's Encrypt for each domain to our admin email address but we found our clients are receiving notification emails and we'd like this turned off or just set so that the only emails going out are only to the email address set in the admin panel in Let's Encrypt. Maybe this is a bug, I'm not sure.

    Thanks in advance!
    -Tony
     
    Danilo Schwabe likes this.
  9. Ruslan Kosolapov

    Ruslan Kosolapov Basic Pleskian Staff Member

    7
    70%
    Joined:
    Sep 29, 2016
    Messages:
    26
    Likes Received:
    13
    Location:
    Novosibirsk
    Hello @Tony Herman ,

    Our (Plesk) notifications can be disabled by the following:
    1. Tools & Settings > Notifications
    2. remove "Customer" checkbox from "Let's Encrypt certificates auto-renewal failure (customer's digest)" and "Let's Encrypt certificates auto-renewal success (customer's digest)" items.

    If you mean notifications from Let's Encrypt servers - we'll check your case. Could you check the version of the extension, is it 2.4?
     
    Danilo Schwabe likes this.
  10. Tony Herman

    Tony Herman New Pleskian

    1
    60%
    Joined:
    Oct 24, 2017
    Messages:
    2
    Likes Received:
    1
    Location:
    Madison, WI
    That looks like what I need - thanks!
     
  11. weathermon

    weathermon New Pleskian

    11
    85%
    Joined:
    Jan 1, 2013
    Messages:
    10
    Likes Received:
    1
    Hi guys,

    We use the Let's Encrypt extension for our domain hosting for our customers. We are using SNI and have around 300 sites hosted on one IP. When I initially set up the Let's Encrypt SSL certificate for each domain, I put my email address in so customers didn't receive notifications about LE. When the renewal time came (within 30 days of expiry), I noticed that it automatically changed the email address back to the subscribers email address and as such customers were contacting me asking what the email was in regards to. I turned off the notifications for LE in the notifications section for now, but not sure if this is a bug that needs to be fixed?

    Also too, because we have around 300 domains for the IP, LE has blocked our IP with error 429 "Detail: Error creating new registration :: too many registrations for this IP". Is there any way around this for multiple sites on a single IP? Maybe it might be worthwhile in the cron script that checks renewals each day, to set a limit to say 10 renewals every 3 hours instead of looping through every domain that has a certificate?

    It appears we're hitting this limit "You can create a maximum of 10 Accounts per IP Address per 3 hours."

    Cheers, Mike
     
    Last edited: Dec 3, 2017
    Tomek likes this.
  12. Ruslan Kosolapov

    Ruslan Kosolapov Basic Pleskian Staff Member

    7
    70%
    Joined:
    Sep 29, 2016
    Messages:
    26
    Likes Received:
    13
    Location:
    Novosibirsk
    Hi @weathermon!

    Thanks for your cases, I've added them into our backlog.
     
  13. trialotto

    trialotto Golden Pleskian Plesk Guru

    37
     
    Joined:
    Sep 28, 2009
    Messages:
    1,445
    Likes Received:
    206
    @weathermon

    You stated

    and it is very likely that you are hitting some limits, as used by default by LE servers.

    You can take the easy path and just spread renewals across various dates (hence reducing the probability that you will hit the LE limits).

    This solution simply requires that you select some random domains and renew them manually: LE will start counting from the date you renewed them (and all other domains will be renewed at the default date, which should be very similar for those domains).

    In essence, this solution attempts to play around with LE limits (and this might require some trial-and-error).

    You can also use one of the development servers of LE, which servers are not limited (read: they are limited, but not as strict as the regular LE servers).

    The default rate limit for LE is: a maximum of 10 Accounts per IP Address per 3 hours.

    The staging rate limit for LE is: a maximum of 50 Accounts per IP Address per 3 hours.

    In theory, you should be able to run the command

    plesk bin extension --exec letsencrypt cli.php [regular LE command] --staging

    and note that

    - the --staging flag will result in using the development servers of LE
    - the regular LE command should be based on "certbot" (otherwise, the --staging will most likely not work)


    I personally recommend that you use the method of spreading the renewals across various dates.

    That way, you will not have any issues with automatic renewals of LE certificates.


    Hope the above helps a bit.

    Regards.........
     
    weathermon and Tomek like this.
  14. weathermon

    weathermon New Pleskian

    11
    85%
    Joined:
    Jan 1, 2013
    Messages:
    10
    Likes Received:
    1
    Ok cool I might start manually renewing a few domains per day so we don't hit the limit again. Thanks for your help!

    Cheers, Mike
     
  15. Ruslan Kosolapov

    Ruslan Kosolapov Basic Pleskian Staff Member

    7
    70%
    Joined:
    Sep 29, 2016
    Messages:
    26
    Likes Received:
    13
    Location:
    Novosibirsk
    Tomek likes this.
  16. trialotto

    trialotto Golden Pleskian Plesk Guru

    37
     
    Joined:
    Sep 28, 2009
    Messages:
    1,445
    Likes Received:
    206
Loading...