How to renew certificates created with Plesk but no more renewable usign Plesk

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jfish.it

My web server is (include version): NGINX

The operating system my web server runs on is (include version): Ubuntu 9.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk but now server can’t use Plesk anymore

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hallo,

i have a problem while trying to renew my certificates because certificates were created using Plesk but now server can’t use Plesk anymore to renew them. Actual valid certificate are stored now in /opt/psa/var/certificates/ folder but when i run “Certbot certificates” then no certificates are recognized and when i run “Certbot renew” then non Certificates are renewed. I think that the problem is that Cerbot package is pointing to path /etc/letsencrypt while Plesk pointed to another path. Could you please help me to understand how can i renew those Certificates now? Thanks

Hi @YanezCert

that’s expected.

And certbot renew is the wrong command.

You have to start new.

sudo certbot

then select the correct options.

Renew works only if you have already created certificates.

@YanezCert To explain in more detail what @JuergenAuer means: certbot and other clients (like used by Plesk) don’t use the same configuration and/or means of file storage and there isn’t any straight forward way to “convert” configurations/files from one client to another. The already created certificates by the ACME client used by Plesk aren’t available to certbot. That’s why it’s most straight forward just to create new certificates.

That said, in theory it’s possible to use the previously issued certificates/private keys et cetera, but that would mean a lot of manual converting without any garuantee it will succeed.

Also, I’m assuming you’re not going to use Plesk any longer? But if you do intent to use Plesk again in the future, please notice the above also goes the other way around: the ACME client used by Plesk can’t use the new certificates issued by certbot automatically.

1 Like

Hallo,

if i simply run “Certbot” then i can see a list of domains to be selected for Certificate but domain i need to renew (jfish.it - www.jfish.it) is not present.

if i try to run the following command :


certbot certonly --manual


then i receive the following response. In this case i entered “www.jfish.it” domain but the very same happened while entering “jfish.it” domain


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): www.jfish.it
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.jfish.it


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: Y


Create a file containing just this data:

zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8.wHBdbdEZYaNAlEuYIOHNrHpaYWRQoo8WdNTP3kdwgDs

And make it available on your web server at this URL:

http://www.jfish.it/.well-known/acme-challenge/zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.jfish.it (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://jfish.it/.well-known/a cme-challenge/zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8 [62.149.181.213]: “\r\n404 Not Found\r\n\r\n

404 Not Found

\r\n
nginx\r\n”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.jfish.it
    Type: unauthorized
    Detail: Invalid response from
    https://jfish.it/.well-known/acme-challenge/zuD1OwIAWwYZFwXvnL692a6QGwDGw8pSY53Vz7bt3s8
    [62.149.181.213]: “\r\n404 Not
    Found\r\n\r\n

    404 Not
    Found

    \r\n
    nginx\r\n”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.


this is really strange because domains “jfish.it” and “www.jfish.it” have a valid certificate now and IP address showed in log is the correct one [62.149.181.213]

Could you tell me what’s going on there?

Thanks

Hallo,

i have solved this issue by stopping NGINX webserver and then running command “certbot certonly --standalone” for domain “jfish.it”.

I have received back this message :

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/jfish.it-0001/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/jfish.it-0001/privkey.pem
    Your cert will expire on 2020-07-25. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

The problem has been solved

Thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.