Resolved Renew Let's Encrypt Certificate for Hostname

[Fatih G.]

Hello,
I am not able to renew the Let's Encrypt SSL certificate for the Plesk Server itself (hotsname). I've installed the certificate over Security Advisor -> System -> Plesk. Now there is only this info: "Plesk is secured with a valid SSL/TLS certificate".

The hostname I use is server.webdevels.de, this subdomain doesn't exist under domains. I also tried to add it manually and add a Let's Encrypt certificate for it but this is not working for Plesk and port 8443.

How can I renew the certificate or delete it so I can add it again over Security Advisor?

 

[WebHostingAce]

Tools & Settings -> SSL Certificates -> Add

 

[Fatih G.]

Here I can only add a selfsigned certificate. Can't renew the cert from lets encrypt.
Meanwhile under "Security Advisor" -> "System" it says again that Plesk is not secured with a SSL certificate, and I am able to click on "Plesk is not secured with a valid SSL/TLS certificate". But if I try it I'll get this error:

Fehler: Execution letsencrypt-hostname.sh has failed with exit code 1, stdout: , stderr: [2017-04-02 17:25:30] ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Challenge marked as invalid. Details: Invalid response from http://server.webdevels.de/.well-known/acme-challenge/Ff7nt9oVNvyOUIJBNAYSjPyRXxog1NP4yiucl01lUIg: "<!DOCTYPE html>
<html class="" lang="de-DE" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#">
<head>
<meta http-equiv="X"
Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Challenge marked as invalid. Details: Invalid response from http://server.webdevels.de/.well-known/acme-challenge/Ff7nt9oVNvyOUIJBNAYSjPyRXxog1NP4yiucl01lUIg: "<!DOCTYPE html>
<html class="" lang="de-DE" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#">
<head>
<meta http-equiv="X"

exit status 1

 

[UFHH01]

Hi Fatih G.,

you setup "server.webdevels.de" with a "Status: HTTP/1.1 301 Moved Permanently" - redirect. All traffic is directed to "webdevils.de" instead, but the certbot MUST validate the challenge at "http://server.webdevels.de/.well-known/acme-challenge", which is not possible with your current configuration.

 

[Fatih G.]

ok! Thanks for this info - don't know how this happened - the subdomain was never added. While ordering the server I was asked to enter a URL/Hostname over which I can acces Plesk. I choosed server.webdevels.de and it worked out of the box without adding the subdomain in Plesk. I was also able to add the SSL certificate over the Sevurity Advisor.
Now I created the subdomain and tried to add the SSL certificate over Security Advisor again and it worked now.

As a last question: How can I renew certificates automaticaly in the future?

 

[UFHH01]

Hi Fatih G.,

all Let's encrypt certificates listed at "HOME > Extensions > Let's Encrypt" should be renewed automatically within the renewal process.

 

[Fatih G.]

OK, was just wondering because I get "Let's Encrypt certificate expiration notice" mails. But if they renew automatically, everything is fine now!

Thank you very much!

 

[UFHH01]

Hi Fatih G.,

was just wondering because I get "Let's Encrypt certificate expiration notice" mails.

When I first used Let's Encrypt certificates, I checked the validation of the certificates manually and modified the standard "renewal" scheduled task ( HOME > Tools & Settings > Scheduled Tasks - command: "/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/letsencrypt/scripts/renew.php'" ) to run more often than "just once a month"