• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Problem with automatic renewal of let's encrypt wildcard certificates

Adarre

New Pleskian
Server operating system version
Ubuntu 18.04.6 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.49
Since this month of January, my server's SSL certificates have not been renewed in wildcard mode as they should, but as normal certificates. Results, the mail services are no longer protected. I have to regenerate them manually. What's going on?
 
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
 
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
No, I did not receive any such notification. On the other hand, I receive the emails notifying the expiry of the certificates coming from the address [email protected]. But no error message lately.

All I know is that, during this month of January, two wildcard certificates were automatically renewed into normal certificates...

Thanks
 
It sounds as if there were aliases included in the certificates, but the alias domains (at least one of them) no longer exists. In that case it is possible that either renewal fails (if the "keep websites secured" checkbox is not checked) or a renewal is done, but then only for the domains that still exist.
 
@Adarre I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get lost.
I think it is caused because of DNS cache.

Here is the why:
1. Plesk / cronjob automatically updates DNS policy with new ACME policy
2. Then the croniob sends the request to Let‘s Encrypt, that is pushing back the DNS verification (in case of wildcard!)
3. Soemtimes this DNS answer is not yet the latest one
4. Lets Encrypt declines the request
5. Server creates .acme-challenge Folder to do non-wildcard verification
6. File based verification has no caching, therefore it is approved immediatly

I‘d highly recommend to not use wildcard certs OR to switch to a professional certificate.

Sorry I cannot tell you more, but we have around 600 hosting customers here - and always issues with Let‘s Encrypt wildcard certs.
 
I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get
I agree that the wildcard certificates sometimes cause issues. Thank you for your feedback
 
Back
Top