Martin Baker
New Pleskian
This problem is affecting every domain on a Plesk Windows installation with automatic updates switched on.
At the due time, Let's Encrypt is invoked by Plesk to renew wildcard certificates, and a new certificate is duly delivered to the machine and saved. It has the same name as the previous certificate. Plesk says that the certificate has been installed successfully...
... but the previous certificate is not deleted.
Plesk continues to use the old certificate including after it has expired - leading to service issues as to be expected.
Since the new and the old certificates have the same name there is no way to tell Plesk to use the latest certificate - it appears that Plesk refers to certificates using logical names and there is no way in Windows to force them to be unique and no way in Plesk to tell it which one to use - nor indeed which one to delete.
Therefore one has to use RDP / Windows manage Certificates to delete the old certificate.
That's all you need to do to get the full service back running again.
Any ideas as to why this critical step is being missed out by the Plesk / Let's Encrypt renew process and what needs to be done to have it work automatically?
It is a nightmare of a manual task to have to monitor what is going on over multiple domains and deleting old certificates in a timely manner so as to prevent service issues. I feel I shouldn't need to be using RDP in this way.
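An added example, not part of the original post and not Plesk's own tooling: a PowerShell check that reports certificates sharing a name with a newer certificate, so the condition described above can be monitored without opening the certificate manager by hand. It assumes the certificates are in the `Cert:\LocalMachine\My` store; the `-RemoveExpired` switch is a hypothetical parameter of this script.

```powershell
# Added example: find certificates that share a name with a newer certificate.
# Assumption: the certificates live in the LocalMachine "Personal" (My) store.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$StorePath = 'Cert:\LocalMachine\My',
    # Hypothetical switch: delete superseded certificates that have already expired.
    [switch]$RemoveExpired
)

$now = Get-Date

# Group by friendly name, falling back to the subject when no friendly name is set,
# and keep only names that occur more than once.
$groups = Get-ChildItem -Path $StorePath |
    Group-Object -Property { if ($_.FriendlyName) { $_.FriendlyName } else { $_.Subject } } |
    Where-Object { $_.Count -gt 1 }

foreach ($group in $groups) {
    # The certificate with the latest expiry date is treated as the current one.
    $ordered = $group.Group | Sort-Object -Property NotAfter -Descending
    $current = $ordered[0]
    $stale   = $ordered | Select-Object -Skip 1

    foreach ($cert in $stale) {
        # One report row per superseded certificate.
        [pscustomobject]@{
            Name              = $group.Name
            StaleThumbprint   = $cert.Thumbprint
            StaleNotAfter     = $cert.NotAfter
            StaleExpired      = $cert.NotAfter -lt $now
            CurrentThumbprint = $current.Thumbprint
            CurrentNotAfter   = $current.NotAfter
        }

        # Only certificates that are both superseded and expired are ever removed.
        if ($RemoveExpired -and $cert.NotAfter -lt $now) {
            $cert | Remove-Item
        }
    }
}
```

Run it without switches to get a report only; combining `-RemoveExpired` with `-WhatIf` shows what would be deleted without changing the store.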