• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Security advisor. Error trying to renew lets encrypt certificate

SalvadorS

Regular Pleskian
Hello,

I have 2 servers, and in both I installed the lets encrypt certificate for the name of the server from the security advisor.

Now I am receiving this error in both servers:

====
Could not secure domains of xxx (login admin) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

<none>

The following domains have been secured without some of their Subject Alternative Names:

<none>

Could not renew Let's Encrypt certificates for xxx (login admin). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let's Encrypt certificates has failed:

* 'Lets Encrypt certificate' [days to expire: 27]
[-] name.server.com

Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/r-i0JTwzJ2K_4ljAsNtCWcadcfKOnqL_8knJPmI5cr
Details:
Type: urn:acme:error:unknownHost
Status: 400
Detail: No valid IP addresses found for name.server.com

The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names:

<none>


Legend:
[+] This domain is secure. The domain's SSL/TLS certificate from Let's Encrypt has been issued/renewed.
[-] This domain is not secure. Either the domain's SSL/TLS certificate from Let's Encrypt could not be issued/renewed or the domain name was excluded from the certificate. Renew the certificate manually or request a new one to secure this domain.
===

Where name.server.com is the name of the server. The certificate is installed from then security advisor and it is not listed in the lets encryption extension.

Any ideas?
 
Is name.server.com publicly accessible and registered in DNS, so that it can resolve to the IP address of your server when opened on the Internet?
 
You are probably missing something, for example the DNS entry for an alias or maybe the "www" subdomain of the domain name. The error message says that "some" alternate names are causing the error. The certificate itself is present, but some of the subdomains or aliases you are trying to equip with it are inaccessible for the Let's Encrypt domain validation. Either they are missing the DNS entry or they don't have web space that can be accessed so that the validation files cannot be written or read.
 
the other gotcha is that you must not have any code that hides / blocks . folders ie hidden folders as this is where certbot tries to store and read verification files.
 
I create a subscription with the name of the server, to assure there is a valid IP address configured and still receiving the error... I don't understand it... Nobody has this error when you set a lets encrypt certificate for the name on the server with the security advisor?
 
Hi
I am new at this

but
I have a question:
I see now that under "security advisor" if I secure a domain, it by default, uses the new Symantes secure starter SSL

and for the old domains, I have an option to 'upgrade' to the symantec free ssl

the old lets-encrypt certs would auto renew on their own

will these new symantec ones do the same?
I do not see a setting for renewing them, other than reinstalling them

thanks
 
Nobody has this problem? Only me?

I don't know if I can delete the cert (from the security advisor it is impossible) and generate a new one...
 
yes you can go to your domain and look under hjosting properties, and uncheck the 'secure using SSL' box
then I think you can go back to security advisor and re secure it
you can also click onm lets encrpt or ssl i dont know which
and you will see an instal button where you can renew it

I think
 
what? when you secure a Domain name in security advisor
you get a symantec SSL secure starter certificate for that domain
now maybe its for the server and its a wild card for all domains
but in security advisor, seperate domains can be secured and you get a green flag saying its secured with symantec SSL

so

are you saying that this new symantec certificate plesk is using is for all domains

is it renewed automatically?

thanks
 
Back
Top