• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Older Plesk Versions + Let's Encrypt Asynchronous Order Finalization

futureweb

futureweb

Regular Pleskian
Server operating system version
Centos
Plesk version and microupdate number
multiple
Hello,

Unfortunately, some of our customers are still using outdated Plesk servers (including CentOS 6, Plesk: version 18.0.31 Update No. 3). These servers also use LE SSL certificates (from what I have seen, several hundred domains on multiple servers, yes, we are aware that this is a nuisance, I would also prefer it weren't the case - but that's the way it is).

Please consider releasing an unscheduled update for the SSLIt extension to address this breaking change. Otherwise, when LE rolls out the final change, several hundred domains will lose their SSL certificate. We will strongly recommend our customers to migrate to an up-to-date Plesk server, but some are reluctant due to the time and effort involved. It is unlikely that all Plesk servers can be migrated before the rollout, especially since there was no advance warning from LE until the first brownout occurred.

Additionally, I suspect that other hosting providers may also be affected by this issue, not just us. It would be helpful if the SSLIt extension update could be made available to all affected providers as soon as possible. Guess you can check how many are affected on your side.

Thank you very much.
Andy
 
I think this is a very basic issue that affects all users, independent of the Plesk version used. We conducted tests last night and found that the update on Let's Encrypt's end has affected not only the latest version, but also previous versions. It also became clear that this is not limited to Plesk, but to almost all who are using Let's Encrypt. The Let's Encrypt extension will for sure be updated here. I cannot say though, if that will work with an outdated, unsupported old Plesk version.
 
Hello Peter,
I am familiar with the changes that Let's Encrypt (LE) has made as I develop a custom LE client for our company, and I implemented the protocol changes in our client yesterday. The ACME protocol has supported this asynchronous certificate issuance for a long time, and LE has only now implemented it, which makes sense. Therefore, I am quite confident that this change will definitely go live sooner or later. (certbot supporting async finalization since v0.22.0 for example)
Currently, this change affects all Plesk versions because this change has not yet been programmed into the SSLIt extension. However, I am not worried about this as it will happen eventually.
My concern is that this change may not be backported to older, unsupported Plesk versions because the last version of SSLIt rolled out for these older Plesk versions is version 1.10.4-1511, while we are currently at version 1.12.8-1619 for the latest Plesk versions. Could you please investigate whether this breaking change can be backported to these "out of support" Plesk versions, as it would have a HUGE IMPACT if no SSL certificates could be issued via LE at all.
Thank you, best regards from Tirol,
Andreas
 
Thank you for rising that topic, @futureweb.

To be more precise, the fix should be implemented into the Let's Encrypt extension (as a plugin for SSL It!). Anyway, first of all, we need to release a fix for supported versions.

Last Friday, we released an update for the LE extension (Let's Encrypt 3.1.8 => Let's Encrypt 3.1.9), the new version is available for Plesk 18.0.36+. But LE v3.1.9 can't be installed on more earlier versions of Plesk.

We were discussing what to do with back-port of the fix, but after an announce from LE (that they decided to cancel the rest of the prod brownouts), we decided the issue with outdated Plesk and extensions not so urgent as before.
[...] Based on that data and the great conversations in this forum yesterday, we've decided to cancel the rest of the prod brownouts, and to indefinitely postpone enabling asynchronous finalization in prod. [...] (c) Enabling Asynchronous Order Finalization
Click to expand...
 
You must log in or register to reply here.

Similar threads

Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2
Replies
28
Views
6K
marcoherzog
M
H
Resolved Wildcard SSL Certificate Auto Renewals not Working for Let's Encrypt with External DNS
Replies
6
Views
3K
NickSick
N
R
Resolved New Let's Encrypt extension upgrade (version 3.1.13) breaks old Plesk versions
Replies
4
Views
1K
RalfMeyer
R
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
671
Lenny
Lenny
T
Question Secure mail.customerdomain.com with Let's Encrypt certificate with no hosting
Replies
1
Views
1K
IgorG
IgorG
Back
Top