• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue letsencrypt renewal error

Sysop

Sysop

Basic Pleskian
When trying to renew the letsencrypt SSL for a domain we get the error:
The SSL/TLS certificate cannot be renewed automatically because the required data is missing. To renew the certificate, reissue it manually.
Click to expand...
What required data is it meaning and how to reissue it manually?
 
Hi Sysop,

If you want to reissue a certificate, you need to open an SSL It! page (Websites & Domain => "some domain" => SSL/TLS Certificates) for the domain and click "Reissue certificate".

reissue certificate.png
 
m3lezZ said:
Hello @Sysop is your Cert a wildcard?
Click to expand...
@m3lezZ, I’ve tried reissuing it both ways (as wildcard and non). Unfortunately I believe that in combination with the auto renewal scheduled task it has gotten me rate limited in addition to this original issue :/

I would assume I’m sort of dead in the water for a week perhaps until it allows me try again.
 
Yeah there is a limit for renew-attemps, i think you're run in it. I'll watch this threat to next week, looking forward to your reply.

Stay safe and have a good time.
 
Hi @Sysop @m3lezZ !

Any new about this issue?

I have same problem and can not find out any solution.


When creating a domain via command line through plesk, the result is correct but it always tells me that

The SSL / TLS certificate cannot be renewed automatically because the required data is missing. To renew the certificate, reissue it manually.
Click to expand...

The command used is the following

Code: 
plesk bin extension --exec letsencrypt cli.php -d docmb.com -m [email protected]

If instead of generating the ssl via cli, I do it manually through the menu option called "reissue the certificate", now the domain will be automatically renewed after 3 months.

  • Is there a bug with the command responsible for creating the ssl?
  • Do I need to pass on any more arguments?
  • I don't understand why when it is executed, it never considers the email field.

I have tried different ways and none of them are successful:

Code: 
* --email [email protected]
* --email "[email protected]"
* -m [email protected]

Thank you!
 
Hello ecv7,
welcome to the plesk-forum.

I tried to reproduce the error on my test-environment. Basicly you can run:
plesk bin extension --exec letsencrypt cli.php --help
to get a quick overview about the commands and syntax for lets encrypt on the cli.

In my case worked the following:
server:~$ plesk bin extension --exec letsencrypt cli.php --domain mydomain.tld --email [email protected]

Replace the cursive written wildcards with your domain and email.

I'm looking forward to your feedback.
Best regards,
 
Hi @m3lezZ

Thank you so much! I am very happy to have found you and I had the opportunity to join.

Actually, is that what I did.

I am using exactly this command:

Code: 
plesk bin extension --exec letsencrypt cli.php --domain docmb.com --email [email protected]

And the results are what I told you before:

Code: 
The SSL / TLS certificate cannot be renewed automatically because the required data is missing. To renew the certificate, reissue it manually.

Any idea what's going on?

Un saludo!
 
Hm may the debug-mode for LE will help us here to figure out whats goin on..

Enable:
vim /usr/local/psa/admin/conf/panel.ini
Uncomment or add the following lines:
[log]
; Log messages verbosity level (from 0 to 7)
; 0 - only critical errors, 7 - all including debug messages, default - 3
filter.priority = 7

[ext-letsencrypt]
enabled = on
log-requests = true
Save the changes and close the file, entries will appear here:
/usr/local/psa/admin/logs/panel.log

May delete the certificate in plesk and run the command on the CLI again to secure the website. If it possible post the output in the log-file here so we can have a look.

Kind regards,
 
Hi there,

I have put the file as you have indicated, but when executing the following command, it has not seen any trace in the log.

Code: 
plesk bin extension --exec letsencrypt cli.php  -d promociones.online --email [email protected]


However, when executing the command manually in other domain, I have observed a trace like the following in the log

Code: 
[2021-02-03 23:47:14.126] ERR [extension/letsencrypt] Domain validation failed for www.jrtraffickers.com: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/10575273319.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up A for www.jrtraffickers.com - check that a DNS record exists for this domain
 
Hello,

This site can’t be reached​

www.jrtraffickers.com’s server IP address could not be found.

Looks like you have set an A-Record for jrtraffickers.com but not for www.jrtraffickers.com .

Please check this at your zone-settings at Godaddy

regards,
 
@m3lezZ

Effectively. There are some domains that do not have a type A record for www.

But that, as we have seen, is not related to the issue of automatic renewal, since on another occasion we have had a type A record for the www and the ssl always appears as it CANNOT be renewed automatically.

For example this new case:
intoDNS: sernatrafficker.digital - check DNS server and mail server health

I execute this command:
Code: 
plesk bin extension --exec letsencrypt cli.php  -d sernatrafficker.digital -d www.sernatrafficker.digital -m [email protected]

And wrong again:
Pasteboard - Uploaded Image


It's quite frustrating ... any ideas?

Un saludo
 
Hello, sorry for the late response...

"(Cannot auto-renew certificates in Plesk if they were renamed previously)"
But I think you havent renamed it previously or so?

Could you please run this command:
plesk bin certificate -l YOURDOMAIN

This gives you a list of certificates for the domain, then delete it with:
plesk bin certificate --remove "xxx CERT" -domain YOURDOMAIN

After this again the list, to check if the cert is successfully deleted and then get a new one with the known command:
plesk bin extension --exec letsencrypt cli.php -d YOURDOMAIN -m [email protected]

I'm looking forward to your feedback,
regards,
 
You must log in or register to reply here.

Similar threads

K
Issue LetsEncrypt certificates no longer automatically renewing, even though Plesk says they should
Replies
4
Views
418
SteveITS
S
D
Question Renewing Let's encrypt automatically
Replies
3
Views
310
Kaspar
K
LionKing
Issue Cloudflare's proxy function and SSL certificates
Replies
16
Views
603
LionKing
LionKing
Bitpalast
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk
Replies
11
Views
1K
Change Maker
C
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
946
futureweb
futureweb
Back
Top