• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue Lets Encrypt Wildcard succeeds manually but fails on automatic

TimReeves

TimReeves

Regular Pleskian
I'm seeing mails like this - every day:

Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt timreeves.de' [days to expire: 89]
[-] *.timreeves.de
[-] timreeves.de

Could not retrieve dns service status: DNS service is not enabled​
and
Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt syrian-heritage.org' [days to expire: 85]
[-] *.syrian-heritage.org
[-] syrian-heritage.org

Could not retrieve dns service status: DNS service is not enabled​

Those are 2 different servers, both Debian 9 and latest Obsidian (and no Bind). In both cases, the _acme_challenge DNS TXT records are present - and on a manual call the certificates are created successfully. Therefore there is no basic problem with my setup. If it works manually, it should not fail - and why is it being even tried, I still have over 80 days valid? Something needs looking at here...
 
I'm not sure the renewal was actually tried. Some other threads here lead me to believe that Plesk's Let's Encrypt Extension merely reports that the DNS is disabled locally and therefore no action will be taken for these domains.

Even more importantly, you'll get the notices but even when the day of expiry actually comes, the certificates won't be renewed automatically.

Refer to this thread for some additional information: LetsEncrypt suddenly became reliant on DNS extension.
 
Many thanks to @learning_curve - yes, that linked article describes exactly what I'm seeing. And good to read that it's a registered bug in SSL It!, so we can hope for a fix in the not too distant future. Will just delete the erroneous mails until then. Other than that, the SSL It! extension adds welcome features, bundled into one extension. It's already a favourite of mine.
 
You must log in or register to reply here.

Similar threads

S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
2K
SilentWarrior
S
D
Question Renewing Let's encrypt automatically
Replies
6
Views
2K
iainh
I
M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
1K
MacGyver
M
R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
1K
Robin McDermott
R
W
Question Wanted: Best practice for certificates (Lets Encrypt) two separate Plesk servers for www and mail
2
Replies
20
Views
3K
W4ru
W
Back
Top