• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue LetsEncrypt certificates no longer automatically renewing, even though Plesk says they should

Koert

New Pleskian
Server operating system version
AlmaLinux 8.10 (Cerulean Leopard)
Plesk version and microupdate number
18.0.63 #1
I am having issues with LetsEncrypt that used to automatically renew just fine, but recently stopped automatically renewing even though Plesk says that auto renewal is turned on for the domain, it doesn't renew. Does anyone have any clue what could be wrong, or how I can figure out what could be wrong?
 
I have two identical servers that suddenly stopped auto-renewing wildcard certificates from LetsEncrypt somewhere back in March or April. (probably earlier, but that's when they started expiring). I can manually renew them, and have had to do that twice since then. But they still do not auto-renew.

The best trouble-shooting I've been able to accomplish was that LetsDebug gave me errors connecting to the website when the website had both IPv4 and IPv6. Removing IPv6 (AAAA) DNS records immediately cleared up the LetsDebug errors and the manual renewals proceeded. I'm waiting to see if that fixes the auto-renew, but I won't know until the first week of October (30 days from expiration).

But its a bit counter-productive to have to delete AAAA records from sites.

Plesk is fully updated (18.0.63 Update #1) on both servers, running Debian 10.13 (1&1/IONOS repo). Above errors were present after the last Plesk update.
 
Removing IPv6 (AAAA) DNS records immediately cleared up the LetsDebug errors and the manual renewals proceeded
I ran into this once a while back. That implies there's an IPv6 connection or configuration problem. LE will try to connect from multiple source IPs and if it fails to connect it won't renew the cert.
 
Back
Top