
Resolved Let's Encrypt SSL to secure Plesk and mail not renewing

themew

Regular Pleskian
New install of Onyx in Oct. Create main domain and upload purchased SSL to secure. Choose that SSL in Hosting Settings. Works perfect.

Created a subdomain mail.domain.com to log into Plesk and for email. Installed Let's Encrypt extension to create an SSL. Let's Encrypt creates the SSL and the cron for 28 day renewal.

Go to TOOLS > SETTINGS > SSL/TLS certificates and choose the Let's Encrypt SSLs to secure Plesk and Email. Works perfectly. Plesk and email secure using the Let's Encrypt SSL.

Fast forward 28 days. The Let's Encrypt SSL doesn't renew but the cron runs without errors. I choose to wait another 28 days in case there's a reported issue.

Let's Encrypt SSL still doesn't renew and expires in less than 30 days. Manually run the cron - shows successful. SSL still not renewed. Reboot server. No change.

Both the purchased and Let's Encrypt SSL appear in the SSL/TLS certs list for the domain. No SSLs appear in the SSL/TLS section of the subdomain.

In TOOLS > SETTINGS > SSL/TLS the Let's Encrypt certificate shows for Plesk and email secured using Let's Encrypt from the main domain, however only the Plesk default SSL appears as a Default Certificate on the page.

The domain SSL shows it's being used (1) and the default SSL (installed self-signed by Plesk) shows it's being used (1) but the Let's Encrypt SSL listed with the domain's SSL shows not being used (0).

However, logging into mail.domain.com:8443 the correct (but won't renew) Let's Encrypt SSL is being used.

Again, everything operates flawlessly, I can't renew the Let's Encrypt SSL.

Decide to create a new SSL in the subdomain Let's Encrypt section (maybe it will fix the issue or let me choose it).

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.domain.com
Starting new HTTPS connection (1): 127.0.0.1
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /usr/local/psa/var/modules/letsencrypt/etc/keys/0000_key-certbot.pem
Creating CSR: /usr/local/psa/var/modules/letsencrypt/etc/csr/0000_csr-certbot.pem
Non-standard path(s), might not work with crontab installed by your operating system package manager
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Install certificate failure: Unable to set certificate name :
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/usr/local/psa/var/modules/letsencrypt/etc/live/mail.domain.com/fullchain.pem.
Your cert will expire on 2017-03-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Your account credentials have been saved in your Certbot
configuration directory at
/usr/local/psa/var/modules/letsencrypt/etc. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

There is no renewal button or option in either Let's Encrypt domain or subdomain area.

Cron command Plesk installed: /usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/renew-certificates.php'

Any ideas how to fix or modify this issue?

Is there a way to move the Let's Encrypt SSL out of the main domain list and move it to the subdomain SSL - or - can I delete the current Let's Encrypt SSL, create a new one in the subdomain and fix the path in TOOLS / SETTINGS > SSL CERTIFICATES?

We had exactly the same config on a Plesk 12.5 server (did not migrate, this was a fresh install) and the Let's Encrypt SSL for the subdomain (also the hostname) cert did renew.

Everything still working perfectly, until the Let's Encrypt SSL expires in 22 days.
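The extension output quoted in the post above contains both "Install certificate failure" and "Your certificate and chain have been saved", meaning a run can issue a certificate without installing it. The following Python check is an added example, not part of the original posts and not Plesk or Certbot code; the sample text is constructed from lines quoted in the post, and the function name, status labels and 30-day threshold are assumptions.

```python
import re
from datetime import date

# Constructed sample, modelled on the extension output quoted in the post.
SAMPLE_OUTPUT = """\
Obtaining a new certificate
http-01 challenge for mail.domain.com
Install certificate failure: Unable to set certificate name :
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/usr/local/psa/var/modules/letsencrypt/etc/live/mail.domain.com/fullchain.pem.
Your cert will expire on 2017-03-27. To obtain a new or tweaked
"""

SAVED_RE = re.compile(r"have been saved at\s+(\S+?\.pem)\.?\s")
EXPIRY_RE = re.compile(r"cert will expire on (\d{4})-(\d{2})-(\d{2})")
FAIL_RE = re.compile(r"^Install certificate failure:[ \t]*(.*?)[ \t]*:?[ \t]*$", re.M)


def classify_run(output, today, warn_days=30):
    """Report whether a cert was issued, whether it was installed, and days left.

    warn_days is an assumed alert threshold, not a value from the thread.
    """
    saved = SAVED_RE.search(output)
    expiry = EXPIRY_RE.search(output)
    fail = FAIL_RE.search(output)
    days_left = None
    if expiry:
        days_left = (date(*map(int, expiry.groups())) - today).days
    if fail and saved:
        status = "ISSUED_NOT_INSTALLED"   # on disk, but not bound in the panel
    elif fail:
        status = "FAILED"
    elif saved:
        status = "OK"
    else:
        status = "NO_CERT_ACTIVITY"       # e.g. a renewal run that did nothing
    return {
        "status": status,
        "issued_path": saved.group(1) if saved else None,
        "install_error": fail.group(1) if fail else None,
        "days_left": days_left,
        # Alert on anything but a clean install, or on a cert close to expiry.
        "alert": status != "OK" or (days_left is not None and days_left < warn_days),
    }


if __name__ == "__main__":
    print(classify_run(SAMPLE_OUTPUT, date.today()))
```
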
RESOLVED.

Here's what I did in case others have the same issue:

- Under your main domain, remove the Let's Encrypt SSL from the main domain list so only the main domain's SSL appears in the SSL list
- Back in TOOLS/SSL Settings switch Secure Plesk and Secure Email back to the default server SSL (you will immediately be thrown out of Plesk)
- Log back into Plesk using your host's original hostname for your server :8443
- Go to the subdomain you created and create a Let's Encrypt SSL for the subdomain
- Back in TOOLS/SSL Settings switch Secure Plesk and Secure Email to use the new Let's Encrypt SSL you created
- Open a new browser window and log back into Plesk using your subdomain:8443 and your new Let's Encrypt SSL will appear

Now that the new Let's Encrypt SSL appears in the Let's Encrypt list under the subdomain, the SSL will renew correctly.

You will also see a (1) beside the Let's Encrypt SSL and a (1) beside your main domain SSL, but the default server SSL will now read as (0)

Although the installation of Onyx was new, the server was migrated from a 12.5 install to Onyx which prevented the Let's Encrypt SSL from appearing in the correct subdomain and preventing the renewal -- at least that appears to be the issue due to the missing information in the Let's Encrypt section of the subdomain and the information here > https://docs.plesk.com/en-US/onyx/a...g-plesk/securing-plesk-and-mail-server.76576/
Seems that a migration causes the same issue described in the admin guide as an upgrade.

Thanks for reading my ramblings and have a Happy New Year.
 
@themew sorry, but I don't get the first step in your description
"Under your main domain, remove the Let's Encrypt SSL from the main domain list so only the main domains SSL appears in the SSL list"

Could you please be more specific?
I don't see a way to "remove the Let's Encrypt SSL from the main domain list" and I don't know what is meant by "only the main domains SSL appears in the SSL list".
I guess main domain is my first domain, the one the mail server is also configured for.
Where do I have to click? Maybe I'm overlooking something, because I can't remove anything under the "Let's Encrypt" extension in my main domain and if I open the "SSL/TLS certificates" entry, I see a list of Let's Encrypt certificates for this main domain, nothing else. If I try to remove the LE cert it complains that it's being used by webservers. And if I could potentially remove it there's nothing left that could fit the "only the main domains SSL appears in the SSL list".

Sorry if it sounds noobish. Hope you can help.
Thanks
Karsten
 