Issue Let's Encrypt failing to renew if one alias domain is expired

[Denis Gomes Franco]

Hello. Here's something that happened today with one of my customers. His website uses two domains, a main one and an alias domain. The Let's Encrypt certificate was valid until nov 29th and didn't renew because the alias domain (and not the main domain) expired due to non payment.

I understand that the renewal process should fail because Let's Encrypt could not validate the alias domain, and I understand that it's up to the customer to keep their domains' payments up to date. But I think in these cases Plesk could try to issue a new certificate using only the main domain associated with the subscription, and then warn the administrator of a failed validation of the additional domains.

Due to this issue the main domain got unsecured for a few days. No big deal, the customer was at fault here, but anyway, I'll leave my suggestion here.

 

[mow]

Aren't LE certificates renewed a month before they expire? If your customer ignored the renewal failure for a month, then yes it's their fault alone.

 

[Denis Gomes Franco]

I run a managed hosting and website care business so my customers don't have to deal with technical stuff, so I'll be receiving any warnings and not them.

TBH I am not paying much attention (that's what automations are for LOL) but I do remember receiving emails from the Lets Encrypt bot warning about an impeding renewal. These emails, though, do not contain any warnings about expired or invalid domains.

The thing is: certificate renewals *are* going through just fine, except when one domain stops working. It's not a big deal as it does not happen so frequently, but I just thought about Plesk going forward with just the main domain in case of an error.