Plesk Can't Reload or Cancel SSL/TLS Certificate

jherron · May 30, 2023, 1:51pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: loftyliterature.com

I ran this command:

It produced this output:

My web server is (include version): Gen4 VPS Linux 16 CPU High Memory

The operating system my web server runs on is (include version): CentOS Linux 7.9.2009 (Core)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Version 18.0.52

I had a SSL/TLS Certificate installed for this domain but it expired, and then I tried to delete it so I could re-install but when I go to SSL/TLS Certificates in Plesk I can only 'Reload' or 'Cancel'. If I Reload it says:

Your domain is not secured with a valid SSL/TLS сertificate. Order or install it to secure data transfer, credit card transactions, logins, and other personal information.

To secure your domain, order a new certificate from the list below or upload an already purchased certificate.

When I click I click Cancel, I can click Install and then click Get it Free but it doesn't do anything and when I close the panel it shows the same message I get after clicking 'Reload', so I am stuck in a loop and am not sure what else to do.

My server knowledge is limited. Any help would be greatly appreciated.

MikeMcQ · May 30, 2023, 2:16pm

Is that a hosting service? Such as godaddy?

jherron · May 30, 2023, 2:17pm

Yeah, GoDaddy hosted VPS.

MikeMcQ · May 30, 2023, 2:37pm

This sounds like a problem better asked of GoDaddy. They setup Plesk for your system. Service is part of what you pay for after all.

I see you got a Let's Encrypt cert with several domain names and one wildcard back in Feb. But, your domain is currently using a self-signed default Plesk cert. I have no idea why Plesk wouldn't be able to get another cert just like you did back in Feb.

Osiris · May 30, 2023, 2:56pm

Does GoDaddy offer Let's Encrypt certs? And do they offer that kind of support for a VPS?

MikeMcQ · May 30, 2023, 3:12pm

They got an LE cert in Feb. They only mention using Plesk. They have limited server knowledge. Either GoDaddy or a Plesk forum seems better than here.

Anyone with a better suggestion is free to make it

jherron · May 30, 2023, 3:15pm

I am with GoDaddy customer support now to confirm if they provide support, and I have also submitted a post on the Plesk community forum. Done many searches online, feel like I have hit a wall.

Osiris · May 30, 2023, 3:20pm

I fully agree, I just want to increase my own horizon of knowledge, as I thought GoDaddy didn't support anything related to Let's Encrypt, but I'd be glad if I was wrong

rg305 · May 30, 2023, 4:28pm

From what I've heard [over the years]...
GoDaddy Shared Hosting = ZERO SUPPORT
GoDaddy VPS = hmm... not too many of those around
[likely some "default setup" and then end-user managed]

griffin · May 30, 2023, 4:40pm

You should be able to use CertSage to acquire a Let's Encrypt cert. You'll need to use the Plesk interface to install it though.

Osiris · May 30, 2023, 4:42pm

Not sure if CertSage is the most ideal ACME client for a VPS with root access.

E.g. there's a Certbot plugin doing the dns-01 challenge and installing the cert using cPanel (GitHub - badjware/certbot-dns-cpanel: certbot plugin to allow acme dns-01 authentication of a name managed in cPanel). Which can be fully automated. Hm, not cPanel, but Plesk, nevermind about the previous part.

griffin · May 30, 2023, 4:44pm

True. I wonder how the previous certs were acquired.

Osiris · May 30, 2023, 4:46pm

Don't we all From the looks of it, Plesk.

jherron · May 30, 2023, 4:53pm

The original certs were acquired using Plesk, and I added a txt DNS record to verify the domain, after I deleted the certificate after it expired, I can't seem to use Plesk to install a new certificate.

Would you still suggest using CertSage to try and create and manually install a new Let's Encrypt certificate?

rg305 · May 30, 2023, 4:56pm

I'd begin at the beginning.
Do you have true root access?

jherron · May 30, 2023, 4:59pm

Yes I believe so, I just opened the SSH Terminal extension.

rg305 · May 30, 2023, 5:00pm

I think that doesn't provide the same usefulness as a true SSH connection.
[browser based simulation]
But it is worth the try.

How tech savvy are you?

jherron · May 30, 2023, 5:02pm

I am a web developer with some hosting/server experience, so pretty tech savvy overall.

Thank you so much for your time!

rg305 · May 30, 2023, 5:02pm

Can you locate the webserver's vhost config file?
If so, we need to see the contents of the secure vhost config file.

Osiris · May 30, 2023, 5:41pm

Personally, I'm more interested with more details (screenshots, logs et cetera) why Plesk suddenly wouldn't be able to get a certificate.

Currently, the only thing we know is that Plesk apparently only shows "Reload"/"Cancel". I'm not familiair with Plesk myself, but maybe some screenshots/errors/et cetera can shed some light on the Plesk-situation.