• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue Problem with automatic renewal of let's encrypt wildcard certificates

A

Adarre

New Pleskian
Server operating system version
Ubuntu 18.04.6 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.49
Since this month of January, my server's SSL certificates have not been renewed in wildcard mode as they should, but as normal certificates. Results, the mail services are no longer protected. I have to regenerate them manually. What's going on?
 
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
 
Peter Debik said:
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
Click to expand...
No, I did not receive any such notification. On the other hand, I receive the emails notifying the expiry of the certificates coming from the address [email protected]. But no error message lately.

All I know is that, during this month of January, two wildcard certificates were automatically renewed into normal certificates...

Thanks
 
It sounds as if there were aliases included in the certificates, but the alias domains (at least one of them) no longer exists. In that case it is possible that either renewal fails (if the "keep websites secured" checkbox is not checked) or a renewal is done, but then only for the domains that still exist.
 
@Adarre I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get lost.
I think it is caused because of DNS cache.

Here is the why:
1. Plesk / cronjob automatically updates DNS policy with new ACME policy
2. Then the croniob sends the request to Let‘s Encrypt, that is pushing back the DNS verification (in case of wildcard!)
3. Soemtimes this DNS answer is not yet the latest one
4. Lets Encrypt declines the request
5. Server creates .acme-challenge Folder to do non-wildcard verification
6. File based verification has no caching, therefore it is approved immediatly

I‘d highly recommend to not use wildcard certs OR to switch to a professional certificate.

Sorry I cannot tell you more, but we have around 600 hosting customers here - and always issues with Let‘s Encrypt wildcard certs.
 
manni said:
I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get
Click to expand...
I agree that the wildcard certificates sometimes cause issues. Thank you for your feedback
 
You must log in or register to reply here.

Similar threads

D
Question Renewing Let's encrypt automatically
Replies
3
Views
320
Kaspar
K
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
689
tessa67
T
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
612
Azurel
Azurel
F
Question How can I renew the Lets Encrypt certificates on a VPS Server from the Ionos company?
Replies
0
Views
720
fonorola
F
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
1K
klowet
K
Back
Top