Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: I have 5 domains but one question.
I ran this command:N/A
It produced this output: N/A
My web server is (include version):Plesk Obsidian 18.0.66 Update #2
Web Host Edition
The operating system my web server runs on is (include version):Ubuntu 22.04.5 LTS
My hosting provider, if applicable, is: Ionos
I can login to a root shell on my machine (yes or no, or I don't know):Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not Sure?
I'm trying to ascertain how I can auto renew my Lets Encrypt Certificates for each of my 5 domains, and 2 Sub Domains.
I understand their is some command like "sudo certbot"..etc.
I've not done it this way and a few of my domains are due to have their Certs renewed.
Is there a clear explanation of a process for one domain, that I can then use for all the others and the Sub Domains. Thanks
Robert
For the domain name shown (registeryourappliance.uk), it looks like your certificates are not autorenewing. Considering that you had been using wildcard certificates for about a year with renewals around every 60 days (as is recommended), I'm presuming that you've changed something about your setup recently (DNS host, perhaps?).
Well not that I'm aware of to be honest. I get reminders that are different to what it says on the screen you see. I honestly don't fully understand it? Sorry.
That is a better question to ask of the hosting service that provides that panel you show. The certificate with exactly those 3 domain names is due to expire in 6 days. It is the cert that those domains are using so you should definitely get this sorted out before expiration.
That said, you consistently change the domain names used for your certificates. And, sometimes these are wildcard certs and sometimes not. Constantly changing the names in your certs will result in seeing warning emails from Let's Encrypt. But, not for long as that service is going away. See: Ending Support for Expiration Notification Emails - Let's Encrypt
You might want to ask your hosting service what they recommend for managing these certs.
No, your registeryourappliance.uk domain is using a cert with just 3 names in it as shown by that panel. See also this SSL Checker which shows which cert your server is currently using. It is not a wildcard: https://decoder.link/sslchecker/registeryourappliance.uk/443
A record of the cert itself stays in the public logs forever and cannot be deleted from that. But, how you manage your panel and its config is best asked of the hosting service who provides that for you.
Some panels only work properly when they manage the certs. I do not know enough about your panel to give advice on alternate methods. Which is why I have suggested talking to your hosting provider.
To learn more about ways to get Let's Encrypt certs see Getting Started topic. However, ask your panel provider if these methods are compatible with it. Getting Started - Let's Encrypt
I am not aware of any field within a certificate issued by Let’s Encrypt that says a certificate will be auto renewed. I believe this is more a choice of the ACME Client Implementations - Let's Encrypt chosen and the supporting system configurations.
These are the only options I see on Ionos/Plesk CP Wordpress Domains. That SSL Link Checker doesn't show any issue now also?
I meant delete them from the DNS Entry. I accept the public logs stuff of course.
I will check that of course, just to ensure I'm doing it correctly.
It may be a limitation on their part, possibly designed to use paid services. Lets find out.
It shows your cert expiring very soon. For automated systems Let's Encrypt recommends renewing 30 days before expiration. If your Plesk setup should do that automatically it is not working properly. Or, if you must do that manually in which case you should renew that now.
Thanks Bruce. Thats where I'm lost I confess. I guess the only way is the 90 day renewal that's afforded by ACME Challenges. I have only ever used this and each time it's done, it creates another DNS Entry. I wondered if any duplicates were likely to cause other issues, so I began to explore what I read in other posts, about setting up Auto Renewal of these. So if that's not possible, then I must continue my existing methods.
Yes I'm going to do that. I have added them later than 30 before and they are pretty much up and running. I will chase the Plesk Forums for that. Cheers Mike
I've done nothing to my DNS or settings in regard to renewing the Certs.
What I've shown here though, indicates that this domain will auto-renew.
I only mention because of the genuine info provided about expiry and what Cert Logs state, it does look like I can just leave this to auto-renew?
Ok. Thanks. Done that now. I'll need to see now if I need to remove old DNS entries, which are created when Adding the Cert and using Wildcards, to show exactly as you seen in this domain, for my other domains
FYI. Having spoken with Ionos Support, they reckon if it says it will Auto-Renew, then 9 times out of 10 it will. So mine are saying they will. With just a few days left on one, I've decided to wait and see.
