Certificate Renewal Failing using Plesk

Hello all,

My certificate just expired but did not renew. When I try to re-issue via Let's Encrypt it fails with the attached msg. I checked Let's Debug and it came back ok. I am very confused at this.

My domain is: opco.regulatoryintelligence.com

I ran this command: re-issue of cert via Plesk

It produced this output:

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Ubuntu 22.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk 18.0.74

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Ok I think I know what caused this but then again what is the ultimate fix....

I have multiple public IPs available to me. Currently opco.regulatoryintelligence.com should bang back to 144.202.185.221. I now activated 144.202.185.220 for testing of updated web services. I created the appropriate firewall rules and NATs, but if both the prod and test rules are active, certificate renewals will fail.

Do I need to change the port for the test side from 80 to 81? I do not think that's the solution since Let's Encrypt is looking for port 80 to be available.

Steve

I don't know Plesk very well. And, perhaps someone else here will still offer advice.

My advice is to ask about that on a Plesk forum. It sounds like a general problem of how to use Plesk for a test setup.

The first thing that comes to mind is to use a different subdomain while you are testing. Then have that subdomain point to your test server and have it use ports 80 and 443 normally.

Or, if you can suffer downtime on the live server, set your DNS for the opco subdomain to the public IP for your test setup. Then get the cert and run tests like that. Switch DNS back to your production IP when done. I realize this is not always practical.

I don't know how to do this in Plesk but a DNS Challenge doesn't require Let's Encrypt to use HTTP port 80 to access your system (link here). You still need to sort out how you want to handle your public DNS though. That opco subdomain can only be set to one of your public IPs at a time (since they are different systems).

The public DNS is how Let's Encrypt, or anything else, knows what to connect to.
