• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Let's Encrypt is partially out of control

H

H9k

Regular Pleskian
A couple of weeks ago we enabled the "Keep websites secured with free SSL Certificate" feature on all of our service plans.
It worked fine for the most part, however there are some subscriptions where with one of the following situations:
  • Domain not resolvable, but www.domain resolvable
  • Domain resolvable, but www.domain not resolvable
  • Website hosted elsewhere, like WiX
  • Email service disabled and thus no webmail
Customers of such websites are getting daily emails with error messages telling them that Let's Encrypt failed to secure their subscription.
This also continues even if I customize their subscription and set the Let's Encrypt option to "None" in the "Additional Services" tab.

If I enable mail notification from the Let's Encrypt scheduled task, I get an email every hour about some failures, but there are many more that I don't get in the mail but customers do.
This is starting to annoy customers and I don't know how to stop this.

I tried to see if there is some sign in the database from the Let's Encrypt extension, but all I could find is in the ModuleSettings table that the e-mail addresses for the subscriptions are stored... but for some reason it only lists 79 whereas I have about 300 subscriptions.

Has anyone experienced similar issues and managed to solve the problem?
 
H9k said:
A couple of weeks ago we enabled the "Keep websites secured with free SSL Certificate" feature on all of our service plans.
It worked fine for the most part, however there are some subscriptions where with one of the following situations:
  • Domain not resolvable, but www.domain resolvable
  • Domain resolvable, but www.domain not resolvable
  • Website hosted elsewhere, like WiX
  • Email service disabled and thus no webmail
Customers of such websites are getting daily emails with error messages telling them that Let's Encrypt failed to secure their subscription.
This also continues even if I customize their subscription and set the Let's Encrypt option to "None" in the "Additional Services" tab.

If I enable mail notification from the Let's Encrypt scheduled task, I get an email every hour about some failures, but there are many more that I don't get in the mail but customers do.
This is starting to annoy customers and I don't know how to stop this.

I tried to see if there is some sign in the database from the Let's Encrypt extension, but all I could find is in the ModuleSettings table that the e-mail addresses for the subscriptions are stored... but for some reason it only lists 79 whereas I have about 300 subscriptions.

Has anyone experienced similar issues and managed to solve the problem?
Click to expand...

Hello,

Notifications about letsencrypt renewal or fails are sent by Plesk, you can disable them in Tools & Settings > Notifications .
Have you enable letsencrypt with www support even on subdomains ?
 
Oh, thanks for pointing it out, that will be a relief for the affected customers :)
I have now set the notifications to be sent to me instead, so I can have an overview about what is failing.

Basically what I have done was to enable that option in the service plans, then I used the Security Advisor to actually secure the subscriptions that did not have a certificate yet. I did not explicitly specify to secure www or not, or to secure webmail or not. Actually, I found out that the security advisor did not secure neither www nor webmail, I had to manually go through the subscriptions and change that one by one. Of course, in the Plesk UI the webmail option is greyed out if the mail service is disabled, but for some reason it still tries to secure the webmail in the background, for example.
Also some websites that are hosted elsewhere, even though I dsabled the "keep websites secured" option in their subscription, Let's Encrypt extension is still attempting to secure that website and I find no way to stop this.
 
You must log in or register to reply here.

Similar threads

M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
504
MacGyver
M
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
B
Issue Can't add a Let's encrypt certificate
Replies
5
Views
582
Sebahat.hadzhi
Sebahat.hadzhi
G J Piper
Resolved SSL It! Let's Encrypt Not Issuing Certificate on MX-only Domain
Replies
8
Views
559
G J Piper
G J Piper
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
2K
HungLuu
H
Back
Top