Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved

[homberger]

I would like to add that the bug (EXTSSLIT-1879) mentioned earlier is still in 'open" status and we are going to review the bug more detailed because of new details.

Any progress on this issue?

 

[Hangover2]

We can confirm, that the problem also still exists same as mentioned in our bug report.

E.g. one client wildcard certificate, that is not renewed since some days (4th of March):

 

[Hangover2]

We see the problem now for the first time also for a domain, that has no subdomains but one extra domain in the subscription, that is forwarded to it. The wildcard certificate is not renewed and ends up in a freezing state as described in the bug report ("continue" and "cancel" buttons).

 

[Hangover2]

Here is a bit of the madness we are facing every day, and this is just one server.

 

[Peter Debik]

@Hangover2 Do you have a support ticket on this as recommended in this thread before?

 

[Hangover2]

@Peter Debik At the moment we only have reseller licenses. So we cannot open support tickets as mentioned before. And our reseller does also not accept support requests. Maybe we will switch one affected server to a license directly from Plesk so we can open support tickets directly. But as the problem exists on all of our servers Plesk should be easily able to trace the issue.

 

[Kaspar]

@Peter Debik At the moment we only have reseller licenses. So we cannot open support tickets as mentioned before. And our reseller does also not accept support requests. Maybe we will switch one affected server to a license directly from Plesk so we can open support tickets directly. But as the problem exists on all of our servers Plesk should be easily able to trace the issue.

Just in case you aren't aware, you don't need a full server license bought from Plesk to actually get support from Plesk. On a reseller license a support subscription (priced at 10 €) suffices. Which, depending on what your reseller charges for your Plesk license, can be a cheaper option than a full license bought from Plesk. (Also, spending 10 € to get an issue, one that you have to deal with on a daily basis, resolved faster would be a no-brainer for me.)

 

[Hangover2]

As there seems to be no progress at all by Plesk for the bugs EXTSSLIT-1879 and PPS-15436 we decided to implement our own work-around.
To share wildcard certificates among subdomains is buggy with heavy impact on our client's satisfaction.

To avoid this shameful bug of a so called "server management platform built with you in mind." the only way is to take the renewal process in your own hands. Just scan your sites and certificates with an appropriate script and renew the wildcard certificates 5 days before Plesk would do it on its own.

Not only our clients are speechless, when we have to tell them: "Sorry, but our server management platform is not able to renew your website certificates appropriately. The bug is know since 6 months, but Plesk has no technicians or time or mood to take care this issue."

 

[marcoherzog]

My hosting provider contacted Plesk Support and reported the following:

After consulting with the developers, Plesk Support has announced that the bug EXTSSLIT-1879 is responsible for the error. This will be fixed shortly, further information and the recommended workaround will be provided in the following article: https://support.plesk.com/hc/en-us/...-domain-and-should-be-completed-also-manually

Thanks to HE.