• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Lets Encrypt Wildcard succeeds manually but fails on automatic

TimReeves

Regular Pleskian
I'm seeing mails like this - every day:

Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt timreeves.de' [days to expire: 89]
[-] *.timreeves.de
[-] timreeves.de

Could not retrieve dns service status: DNS service is not enabled​
and
Renewal of the following Let`s Encrypt certificates has failed:

* 'Lets Encrypt syrian-heritage.org' [days to expire: 85]
[-] *.syrian-heritage.org
[-] syrian-heritage.org

Could not retrieve dns service status: DNS service is not enabled​

Those are 2 different servers, both Debian 9 and latest Obsidian (and no Bind). In both cases, the _acme_challenge DNS TXT records are present - and on a manual call the certificates are created successfully. Therefore there is no basic problem with my setup. If it works manually, it should not fail - and why is it being even tried, I still have over 80 days valid? Something needs looking at here...
 
I'm not sure the renewal was actually tried. Some other threads here lead me to believe that Plesk's Let's Encrypt Extension merely reports that the DNS is disabled locally and therefore no action will be taken for these domains.

Even more importantly, you'll get the notices but even when the day of expiry actually comes, the certificates won't be renewed automatically.

Refer to this thread for some additional information: LetsEncrypt suddenly became reliant on DNS extension.
 
Many thanks to @learning_curve - yes, that linked article describes exactly what I'm seeing. And good to read that it's a registered bug in SSL It!, so we can hope for a fix in the not too distant future. Will just delete the erroneous mails until then. Other than that, the SSL It! extension adds welcome features, bundled into one extension. It's already a favourite of mine.
 
Back
Top