One client issues after cert renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:Plesk Renew Certificate

It produced this output: Your certificate renewed successfully

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS 6.x

My hosting provider, if applicable, is: Accuhost VM

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, Plesk Onyx

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Unsure. Command does not execute

Everything I can tell the cert is running fine. However my friend / client who’s site I am hosting says she now gets an error message saying the site is not secure on both her laptop and her phone. She sent me a screenshot of her phone and it most certainly does. I don’t even know where to look. I have tried everything I could see in the blogs, and have accessed the site from many different browsers and had friends access it as well. Only the client appears to be having an issue. I am new to Lets Encrypt so please be gentle.
Thanks for your help in advance.

Hi @Exadore4now

there are some errors ( ):

Good: Your certificate is correct and has two domain names:
expires in 90 days, - 2 entries

But you have no redirects http -> https:

Yo have only two redirects www -> non-www.

Looks like the user use the http version, this version isn't secure.

Your browser caches the information you have used https earlier. So you can't see this problem with your browser.

Thanks for the super fast response!
So now the take it easy part.
Im not exactly a newbee, been doing this stuff since 1984, but what do I have do do to correct the issue?

Check your redirects.

First, redirect http -> https without a new dns query.

Then redirect https -> https from your not-preferred version to your preferred version.

So every user has the same https version.

See domains with Grade B -> they have correct redirects.

I don’t think that was is issue. This was the response from her when I asked her to check the cert (thinking it was some type of cache issue)

Mine is still showing not secure and the certificate shows 3/26/2019 a 6/18/2019

If she was seeing a cert she had not logged in to http.
and it would not change after a renewal I would not think
Whats really weird about this is the dates don’t make sense and do not match the site, and even if they did it would be active.

but let me try your advice first. Thank you so much.

That's curious.

Then she should create a screenshot.

Certificate -> https, not http.

Or it's a typo - you have a very long domain name. So she saw another site with a wrong configuration.

I just reached out to her to confirm. This is all she sent me so far. But its her business. Why would this only start happening the day the cert renewed? She didnt even know is was renewing.

Looks like a http connection.

If I open without something else, I see the http version.

So add the redirects.

Will do. Thank you. I am wondering if this is a plesk bug that resets stuff to defaults when the Lets Encrypt plug in renews? This is her first renewal.

Thank you so much. You are awesome.

Set the redirects using plesk and she is happy. So the issue was she was going through google links on her phone.
To save anyone from headaches this is a simple update in Plesk
I still don’t understand why this was not an issue until the cert refreshed.

Thank you so much for your help and super fast response.

1 Like

To get to the setting above in Plesk, under the control panel click “Hosting Settings”

1 Like

Just a follow up for root cause. My client initially received this message in an e-mail when the auto renew occurred.
"Could not issue/renew Let’s Encrypt certificates for "
so I manually renewed the cert today. Although it appeared to be working fin.
I also have looked into how the Plesk plug in works:
the certbot and letsencrypt appear hear:
however these are bash shell scripts.
certbot has the following content:
#!/bin/bash -e

Copyright 1999-2018. Plesk International GmbH. All rights reserved.

Bash wrapper for backward compatibility

plesk bin extension --exec letsencrypt cli.php “$@”

letsencrypt has the same

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.