• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Let's Encrypt tries to renew certificates for deleted domains

Fabrizio

New Pleskian
Hi,

after I deleted some domains (and subscriptions) I receive error emails due to failed certificate renewal by Let's Encrypt. Obviously the renewal fails because the domains no longer exist on my server, the question is: why Let's Encrypt continues to try to renew certificates for deleted domains?
I think because, when I delete the subscriptions, Plesk does not remove Let's Encrypt configuration files and keys in
/usr/local/psa/var/modules/letsencrypt/etc/live
Can I safely delete via shell useless folders like /usr/local/psa/var/modules/letsencrypt/etc/live/deleteddomain.com?

Thank you
 
Could you clarify how many such "error emails due to failed certificate renewal by Let's Encrypt" you received?
If only one, then it's like a deferred notification and this is normal. If several notifications are received, then most likely it is a bug and it would be good to investigate it - welcome to the Reports
 
I think because, when I delete the subscriptions, Plesk does not remove Let's Encrypt configuration files and keys in
/usr/local/psa/var/modules/letsencrypt/etc/live
No, it's not because of this - the update procedure checks certificates in the Plesk database, but not in /usr/local/psa/var/modules/letsencrypt/etc/live
Can I safely delete via shell useless folders like /usr/local/psa/var/modules/letsencrypt/etc/live/deleteddomain.com?
Yes, you can safely remove it, it will not affect anything.
 
Thank you for you reply,

I received these emails for three days at the same hour: today would be the fourth.

The emails are like this:

<<
Could not secure domains of Fabrizio (login admin) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

<none>

The following domains have been secured without some of their Subject Alternative Names:

<none>

Could not renew Let's Encrypt certificates for Fabrizio (login admin). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let's Encrypt certificates has failed:
...
>>

If I receive another e-mail today I'll report the bug.

By now, maybe I could modify the Plesk database to delete any directive for deleted domain certificates renewal.
Any suggestions?

Thanks again
 
I have the same problem with both, a deleted domain and one disabled domain. How can I resolve this issue?

E-Mail:

Could not secure domains of admin (login admin) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

 
all of the deleted domains stay somewhere in a cron for renewing. every day
some have no domain name just customername stated.

dirk
 
i had this problem but slightly different, I received email that LE couldn't renew a certificate that I previously deleted on a domain that I later issue again with LE
 
I can also confirm that the problem still (or again) exists - at least for 1 certificate that was deleted as it is no longer needed. Was this issue reported? I canot find an entry under reports?
 
Hello,

Did you check in:
/usr/local/psa/var/modules/letsencrypt/etc/live
/usr/local/psa/var/modules/letsencrypt/etc/archive

I just had the same problem, and that is where I found two directories, named like the deleted domain.
I moved them in a "neutral" directory.
(/home if you must know, I do not like deleting files, when I am not sure that it will not makes things worse.)

I will now wait and see if I still get a warning mail...
 
Hello!

Same problem here, "could not secure domains for ..." but domains are deleted.
Is there any feedback about this issue?

Thanks!
 
Solution is to run the Plesk Repair Utility.

I ran these and solved the problem:

# plesk repair db
# plesk repair web -server

Your problem could like elsewhere in the config, so if the above doesn't help, you may want to read the Plesk Repair Utilty page.
 
I have exact the same problem.
Unfortunately the tip from milan_ns doesn't work for me.
The deleted domains are still listed inside /usr/local/psa/var/modules/letsencrypt/etc/live and /usr/local/psa/var/modules/letsencrypt/etc/renewal/ dir.
This problem is really annoying, especially since no one in the plesk team seems to care about it for more than a year! :(
 
I can also confirm that the problem still (or again) exists - at least for 1 certificate that was deleted as it is no longer needed. Was this issue reported? I can't find an entry under reports?
 
Back
Top