Automatic renewal of SSL Certificates


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: profile-accessories.com

I ran this command:

It produced this output:

My web server is (include version): linux

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: rackspace

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): plesk

I have a general question about renewing SSL certificates. Currently I have to manually renew my certificate every few months but I get emails from our system saying there was an attempt to automatically renew the certificate but it failed. I’ve contacted my IT department (we do not have a system administrator, so no one in the company really knows much about SSL certificates) about this and they are telling me manually renewing certificates is just the way it is and that’s that.

That doesn’t sound right to me at all. Friends who work more closely with this kind of stuff have told me it’s typically done automatically. But I thought I would ask here and get some feedback. What do you guys think?


#2

You’re correct that it’s typically done automatically, however it’s important to note that there do exist certain ways you can set up your infrastructure that would preclude this from being possible. Usually that indicates either a very specific, deliberate configuration, or a poorly thought-out one.

Could you provide a bit more information about how things are set up? My understanding is that Plesk has automated renewal built in, although I’ve never used Plesk in my life.


#3

Unfortunately I do not have much information regarding the infrastructure of our web servers. I believe you are correct that plesk does have automated renewal built in, as I am receiving emails from plesk saying that the auto renewal has failed.

Also, under the the Let’s Encrypt/SSL Certificate option within Plesk, under the “Current Certificate” subheader I see that it says “This certificate will be renewed” This is kind of vague, but to me this implies automatically.

I will forward this information along to my IT team, we will most likely have to contact our hosting provider to fix the issue.

Thank you for your help.