Resolved LetsEncrypt Plesk Hostname

[MikeA]

Ever since I've used Plesk (12+) I've never been able to use the SecurityAdvisor LetsEncrypt extension to create a certificate for my server hostname that Plesk runs on. I've ignored this issue and just used the self-signed certificate since I rarely use the admin end, but I'd like to finally find a fix for my problem.

I just updated to the latest release, Onyx, hoping it would fix the issue since but nothing has changed.

Note: I'm not talking about website SSL, I'm referring to the actual server hostname to connect to Plesk admin interface.

Generating certificates for websites on the server works fine with the official LetsEncrypt extension, but using the SecurityAdvisor to generate hostname certificate always gives the error above. Does anyone else have this problem?

 

[UFHH01]

Hi MikeA,

did you see this thread: => Resolved - Letsencrypt fails to secure domain (and plesk panel)

If you have errors/issues/problems with the suggestions at the mentioned thread, pls. don't hesitate to ask for additional suggestions.

 

[MikeA]

Hi MikeA,

did you see this thread: => Resolved - Letsencrypt fails to secure domain (and plesk panel)

If you have errors/issues/problems with the suggestions at the mentioned thread, pls. don't hesitate to ask for additional suggestions.

I don't find anything useful in that thread, I've read over it two or three times. The shell script there is what is packed with Plesk now in the extension (that fails with 404 error.)

 

[UFHH01]

Hi MikeA,

your provided error - message indicates, that you don't have a subdomain created for your hostname ( as for example: server1.YOUR-DOMAIN.COM ). Due to the fact, that Let's Encrypt needs the documentroot "/var/www/vhosts/YOUR-DOMAIN.COM/server1.YOUR-DOMAIN.COM" to verify the challenge, you will certainly experience possible issues, if it isn't existent. Therefore I thought it might be a good idea to show you some additional alternatives with the mentioned link.

Another alternative than to create a subdomain "server1" at "YOUR-DOMAIN.COM", is to use DNS - entries fo verify the Let's Encrypt challenge. Pls. see as well one of myprevious posts here in the forum: =>

...
To start, I assume, that you already installed a Let's Encrypt - certificate over the Plesk Control Panel, which includes at least the domain - name ( either with or without "www." ).
You should now visit

=> Free SSL Certificate Wizard and other SSL Tools @ ZeroSSL ( external link - pls. inform me, when the link goes dead, so that I might provide another working link here! )​

... and insert the very same eMail - address that you already used, when you created your basic Let's Encrypt certificate. Insert your initial domain-name and the desired additional (sub.)domain - names at the provided text-box, accept the TOS and the Let's Encrypt SA and choose the option "DNS", followed by a click onto the NEXT - button. The next steps are fully explained in several languages ( EN | DE | FR | ES | RU ) and contain amongst other things the manual entries of TXT - DNS - entries at your primary nameserver(s) for the added (sub.)domains and after you waited a few minutes for DNS - synchronisation, the authorization will be done and the new certificate for all your desired (sub.)domain - names will be presented to you ( which you are even able to download, if you wish to ).
You are then able to either replace the existent certificate over your Plesk Control Panel, or you choose to manually add it at all necessary places, just like you added other ( self-signed, or brought ) certificates in the past.

Hint: I choosed the option, to replace the existent certificate files at "/opt/psa/var/certificates/" and "/opt/psa/var/modules/letsencrypt/etc/live/YOUR-DOMAIN..COM" ( pls. notice, that these are symlinks here! ), in the hope that the automatic renewal - process will renew not only the previous, first certificate, but the new certificate, with all the additional (sub.)domain - names. I'm pretty sure, that my hope will not be sufficient enough to reach that renewal - goal, but maybe the Plesk / Plesk-Let's Encrypt-Extension - developers find as well a working solution to add the choice for DNS - authorization, or find a way to add additional (sub.)domain - names over the Plesk Control Panel.

( Pls. visit: => #25 for the whole forum - post and possible other following issues/errors/problems and the depending suggestions. )

Additional note:
Pls. keep as well in mind, that the provided script "letsencrypt-hostname.sh" in the above mentioned forum - link is fully customizable, so you can as well modify the "webroot-path" to your very own, unique ( existent ) path, if you wish to.

 

[MikeA]

@UFHH01 Thanks, after creating a sub-domain for the hostname then going back and using the SecurityAdvisor LetsEncrypt tool it did create a certificate for the admin interface port.