• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Vote Let's Encrypt support

WOuld you like to have free X509 certificate with Let's Encrypt initiative implemented with Plesk 12


  • Total voters
    56
Hey, for windows server there is a little tool (letsencrypt-win-simple on github) that will generate ssl certificates from lets encrypt. That tool uses ACMESharp as the Client Library.
The tool also sets up a windows task that will renew the certificates in a 60 day cycle.
Ive managed to modify the code so that it will upload the generated certificates to the corresponding plesk registerd domain. So you basically just select the domain, press enter and have it ssl enabled.

Now iam trying to learn the Extension stuff so that i can write a little extension for that system, do implement letsencrypt into windows plesk.
 
Hey, for windows server there is a little tool (letsencrypt-win-simple on github) that will generate ssl certificates from lets encrypt. That tool uses ACMESharp as the Client Library.
The tool also sets up a windows task that will renew the certificates in a 60 day cycle.
Ive managed to modify the code so that it will upload the generated certificates to the corresponding plesk registerd domain. So you basically just select the domain, press enter and have it ssl enabled.

Now iam trying to learn the Extension stuff so that i can write a little extension for that system, do implement letsencrypt into windows plesk.

Hi,

You might be happy to hear that we've almost finished updating our extension so that it can work on Windows.
 
Hi, thx again for the great work, it works perfectly, including the auto-renew.

I only one domain that fail to be renewed.
When I try manually, I get the following error:

Code:
Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: 2016-01-16 18:55:47,204:WARNING:letsencrypt.cli:Root (sudo) is required to run most of letsencrypt functionality.
Failed authorization procedure. domain.tld (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://domain.tld/.well-known/acme-challenge/*SomeKey*, www.domain.tld (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://www.domain.tld/.well-known/acme-challenge/*SomeKey*
IMPORTANT NOTES:
- The following 'urn:acme:error:connection' errors were reported by
the server:

Domains: domain.tld, www.domain.tld
Error: The server could not connect to the client to verify the
domain

What shall I do?

Thx for your help.
 
Code:
Could not connect to http://domain.tld/.well-known/acme-challenge/*SomeKey*
tells you what you need to know. Check if you can access the randomdigit code inside that .well-known directory. It needs to be accessible from outside so lets encrypt can very that this is your domain. This should be an issue with .htaccess or web.config depending on your webserver
 
Executing /usr/local/psa/admin/plib/modules/letsencrypt/scripts/post-install.php failed: Bootstrapping dependencies for centos 6 x86_64... Creating virtual environment... Updating letsencrypt and virtual environment dependencies... cffi-1.3.0-cp26-none-linux_x86_64.whl is not a supported wheel on this platform.


Plesk 12.5 on CentOS 6. How can this be fixed ?
 
cffi-1.3.0-cp26-none-linux_x86_64.whl

As far as I know cp26 means CPython 2.6. But Letsencryp requires version 2.7. Try to update Python on your server to 2.7 version.
 
greetings
here is the situation i have:

i have a domain and in this domain, i set up a letsencypt certificate with no problem, everything was fine.
for some reason, i have to DELETE this domain from plesk (remove domain) and then to i create it again.

after that, the letsencypt CAN NOT install in this re-created domain!
i am getting this message:

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: 2016-02-05 19:11:23,440:WARNING:letsencrypt.cli:Root (sudo) is required to run most of letsencrypt functionality.
Install certificate failure: Unable to set certificate name :
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/opt/psa/var/modules/letsencrypt/etc/live/mydomain.com/fullchain.pem.
Your cert will expire on 2016-05-05. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.

this is ONLY in this domain. in all others i have no problem.

i have latest plesk (12.5.30 Update #20) in debian 8.2

is this a bug or it is something else?
how can i resolve this?

thank you for your time and for your support.
 
As you can see, i am getting Error, WARNING and Congratulations in the SAME message!
The fact is this: I CAN'T install letsencrypt in this domain....
 
cffi-1.3.0-cp26-none-linux_x86_64.whl

As far as I know cp26 means CPython 2.6. But Letsencryp requires version 2.7. Try to update Python on your server to 2.7 version.

Well, this won't work then. Python 2.7 and above can only be installed in /usr/local or something, since replacing python 2.66 with 2.7 will break "yum". And as i'm not able to tell the addon-installer to use another path for python :/
 
I had a one year free cert that expired two days ago, it was too complicated to renew. Searched for another solution and came across let's encrypt.. did another search for plesk and found that the good men in this community wrote an extension. One click to download, another to install on my 12.5.x server, and one last click on the Let's Encrypt icon in the Domains main page. My site is back in business. This is really amazing thank you all. Its good for one year, hopefully it will auto-renew.
 
i have error
Code:
Errore: Installazione del certificato SSL Let's Encrypt non riuscita: Failed letsencrypt execution: Failed authorization procedure. webchat.domains (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webchat.domains/.well-known/acme-challenge/4Y63ZsT6ZFV6mvK3bgiROw9hfOc8mwVwxaLeCySS8kA: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", www.webchat.domains (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.webchat.domains/.well-known/acme-challenge/cCkRiIrbDb2WLyulRleSaCPGjUWgXq0tL_Iy0Q53aLc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: webchat.domains
Type: unauthorized
Detail: Invalid response from http://webchat.domains/.well-known
/acme-challenge/4Y63ZsT6ZFV6mvK3bgiROw9hfOc8mwVwxaLeCySS8kA:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"

Domain: www.webchat.domains
Type: unauthorized
Detail: Invalid response from http://www.webchat.domains/.well-
known/acme-challenge/cCkRiIrbDb2WLyulRleSaCPGjUWgXq0tL_Iy0Q53aLc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
 
Hi camaran,

Code:
Status: HTTP/1.1 301 Moved Permanently
Server:    nginx   
Date:    Thu, 02 Jun 2016 21:28:54 GMT   
Content-Type:    text/html   
Content-Length:    178   
Connection:    close   
Location:    http://webchat.domains/   
Strict-Transport-Security:    max-age=31536000; includeSubDomains; preload

You have HSTS enabled on your server, but the acme-challenges are done over http. If you use HSTS, you have to stop nginx during the creating-procedure over the Plesk Control Panel, because even additional rewrite directives for the location "/.well-
known/acme-challenge/
" will not work, because the Plesk Let's Encrypt - client places a ".htaccess" file inside "/.well-known/acme-challenge/" with "RewriteEngine off" during the procedure.

Unfortunately, I haven't yet found a decent solution for domains with HSTS enabled, not with "www.", nor without it. :rolleyes:
 
Back
Top