• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Lets Encrypt Wildcard succeeds manually but fails on automatic

TimReeves

TimReeves

Regular Pleskian
I'm seeing mails like this - every day:

Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt timreeves.de' [days to expire: 89]
[-] *.timreeves.de
[-] timreeves.de

Could not retrieve dns service status: DNS service is not enabled​
and
Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt syrian-heritage.org' [days to expire: 85]
[-] *.syrian-heritage.org
[-] syrian-heritage.org

Could not retrieve dns service status: DNS service is not enabled​

Those are 2 different servers, both Debian 9 and latest Obsidian (and no Bind). In both cases, the _acme_challenge DNS TXT records are present - and on a manual call the certificates are created successfully. Therefore there is no basic problem with my setup. If it works manually, it should not fail - and why is it being even tried, I still have over 80 days valid? Something needs looking at here...
 
I'm not sure the renewal was actually tried. Some other threads here lead me to believe that Plesk's Let's Encrypt Extension merely reports that the DNS is disabled locally and therefore no action will be taken for these domains.

Even more importantly, you'll get the notices but even when the day of expiry actually comes, the certificates won't be renewed automatically.

Refer to this thread for some additional information: LetsEncrypt suddenly became reliant on DNS extension.
 
Many thanks to @learning_curve - yes, that linked article describes exactly what I'm seeing. And good to read that it's a registered bug in SSL It!, so we can hope for a fix in the not too distant future. Will just delete the erroneous mails until then. Other than that, the SSL It! extension adds welcome features, bundled into one extension. It's already a favourite of mine.
 
You must log in or register to reply here.

Similar threads

D
Question Renewing Let's encrypt automatically
Replies
3
Views
494
Kaspar
K
M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
273
mendip_discovery
M
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
1K
klowet
K
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
678
Azurel
Azurel
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
348
Leta
L
Back
Top