• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Problem with automatic renewal of let's encrypt wildcard certificates

A

Adarre

New Pleskian
Server operating system version
Ubuntu 18.04.6 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.49
Since this month of January, my server's SSL certificates have not been renewed in wildcard mode as they should, but as normal certificates. Results, the mail services are no longer protected. I have to regenerate them manually. What's going on?
 
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
 
Peter Debik said:
Normally you should have received an email notification on any renewal issue that includes details on the reason. Have you received such a notification?
Click to expand...
No, I did not receive any such notification. On the other hand, I receive the emails notifying the expiry of the certificates coming from the address [email protected]. But no error message lately.

All I know is that, during this month of January, two wildcard certificates were automatically renewed into normal certificates...

Thanks
 
It sounds as if there were aliases included in the certificates, but the alias domains (at least one of them) no longer exists. In that case it is possible that either renewal fails (if the "keep websites secured" checkbox is not checked) or a renewal is done, but then only for the domains that still exist.
 
@Adarre I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get lost.
I think it is caused because of DNS cache.

Here is the why:
1. Plesk / cronjob automatically updates DNS policy with new ACME policy
2. Then the croniob sends the request to Let‘s Encrypt, that is pushing back the DNS verification (in case of wildcard!)
3. Soemtimes this DNS answer is not yet the latest one
4. Lets Encrypt declines the request
5. Server creates .acme-challenge Folder to do non-wildcard verification
6. File based verification has no caching, therefore it is approved immediatly

I‘d highly recommend to not use wildcard certs OR to switch to a professional certificate.

Sorry I cannot tell you more, but we have around 600 hosting customers here - and always issues with Let‘s Encrypt wildcard certs.
 
manni said:
I can only tell you that Wildcard certificates sometimes cause issues. It‘s the same with subdomains, aliases… Sometimes they‘ll get
Click to expand...
I agree that the wildcard certificates sometimes cause issues. Thank you for your feedback
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
535
Polli
Polli
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
L
Issue Plesk Mail Only SSL Still Not Functioning Properly
Replies
2
Views
222
alvarezcruz
alvarezcruz
W
Question SSL Cert for Mail-Server
Replies
1
Views
588
Kaspar
K
M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
504
MacGyver
M
Back
Top