• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Problem with automatic renewal of let's encrypt wildcard certificates

A

Adarre

New Pleskian
Server operating system version
Ubuntu 18.04.6 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.49
Since this month of January, my server's SSL certificates have not been renewed in wildcard mode as they should, but as normal certificates. Results, the mail services are no longer protected. I have to regenerate them manually. What's going on?
 
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
 
Peter Debik said:
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
Click to expand...
No, I did not receive any such notification. On the other hand, I receive the emails notifying the expiry of the certificates coming from the address [email protected]. But no error message lately.

All I know is that, during this month of January, two wildcard certificates were automatically renewed into normal certificates...

Thanks
 
It sounds as if there were aliases included in the certificates, but the alias domains (at least one of them) no longer exists. In that case it is possible that either renewal fails (if the "keep websites secured" checkbox is not checked) or a renewal is done, but then only for the domains that still exist.
 
@Adarre I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get lost.
I think it is caused because of DNS cache.

Here is the why:
1. Plesk / cronjob automatically updates DNS policy with new ACME policy
2. Then the croniob sends the request to Let‘s Encrypt, that is pushing back the DNS verification (in case of wildcard!)
3. Soemtimes this DNS answer is not yet the latest one
4. Lets Encrypt declines the request
5. Server creates .acme-challenge Folder to do non-wildcard verification
6. File based verification has no caching, therefore it is approved immediatly

I‘d highly recommend to not use wildcard certs OR to switch to a professional certificate.

Sorry I cannot tell you more, but we have around 600 hosting customers here - and always issues with Let‘s Encrypt wildcard certs.
 
manni said:
I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get
Click to expand...
I agree that the wildcard certificates sometimes cause issues. Thank you for your feedback
 
You must log in or register to reply here.

Similar threads

Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
277
Azurel
Azurel
F
Question How can I renew the Lets Encrypt certificates on a VPS Server from the Ionos company?
Replies
0
Views
247
fonorola
F
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
227
klowet
K
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
265
futureweb
futureweb
V
Issue Let's Encrypt wildcard certificate renewal : some subdomains are not secured
Replies
0
Views
941
Vincent Brouchet
V
Back
Top