Plesk Cert Renew Failed

nj24 · September 30, 2019, 5:20pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: twojackspizza.com

I ran this command: The automatic renew failed, so I tried manually renewing by going to the Let’s Encrypt extension and clicking “Renew”

It produced this output: It appeared to work, but website shows an expired certificate (even thought it appears that there are new certificates issued)

My web server is (include version): CentOS 6.10 (Final)‬

The operating system my web server runs on is (include version): Plesk Onyx
Version 17.8.11 Update #68, last updated on Sept 26, 2019 04:03 AM

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Let’s Encrypt Extension 2.8.2-529

I have an expired certificate. I am not sure how to renew it besides the instructions on Plesk’s website, which are not working. I have other sites where Let’s Encrypt is renewing correctly on this same server and I have tried to copy the same configuration, but it isn’t working.

I did “renew” numerous times because I thought maybe it just wasn’t taking, but realize that didn’t help anything. I have gone through a number of posts on this site but haven’t been able to figure it out that way either.

Any help would be appreciated. Thanks!

JuergenAuer · September 30, 2019, 5:31pm

Hi @nj24

the check says: You have created two new certificates, so that part has worked.

Issuer	not before	not after	Domain names	LE-Duplicate	next LE
Let’s Encrypt Authority X3	2019-09-30	2019-12-29	twojackspizza.com, www.twojackspizza.com - 2 entries	duplicate nr. 2
Let’s Encrypt Authority X3	2019-09-30	2019-12-29	twojackspizza.com, www.twojackspizza.com - 2 entries	duplicate nr. 1

But you use an expired certificate:

CN=twojackspizza.com
	31.05.2019
	29.08.2019
32 days expired	twojackspizza.com, www.twojackspizza.com - 2 entries

So it’s “only” an installation problem.

Did you restart your Plesk?

Perhaps you have to change the certificate manual.

nj24 · September 30, 2019, 5:31pm

I haven’t restarted Plesk, but will do that now and let you know what happens - thanks!

nj24 · September 30, 2019, 5:39pm

Hi JuergenAuer,

Successfully restarted, but seeing the same thing.

You mentioned changing the certificate manually - can you tell me anything more about that?

stevenzhu · September 30, 2019, 5:44pm

Hi,

Please go to your hosting settings, and see the certificate selection:

Thank you

nj24 · September 30, 2019, 5:51pm

Hi stevenzhu,

Thanks for the recommendation - I went there but only see 1 Lets Encrypt option which I already had selected. Should I change it from that? Attaching pic:

stevenzhu · September 30, 2019, 6:02pm

Well… That’s weird.

Click on the SSL/TLS section on your domain dashboard, please check the certificate that named Let’s Encrypt xxxxx and decide the PEM.

If that shows the correct certificate, just restart the server, else you might need to do something (that I don’t know…) to fix it

Are you the root / admin for the Plesk server? If so, have you tried to only restart the HTTP server?

Thank you

JuergenAuer · September 30, 2019, 6:05pm

Remove SSL, save it, add SSL, select the certificate, save it again. Perhaps Plesk doesn’t show the newest certificate.

nj24 · September 30, 2019, 6:16pm

Ok,

I have:

Removed SSL from Hosting Settings (unchecked the box and changing the Certificate)
deleted the certificate from SSL/TLS Certificates
Restarted Plesk (service sw-engine restart && service sw-cp-server restart)
Re-enabled SSL in Hosting Settings
Selected Let’s Encrypt in SSL/TLS Certificates
Checked Hosting Settings (showed “Let’s Encrypt twojackspizza.com (twojackspizza.com)” selected)

@stevenzhu - I am not sure exactly what you mean by “decide the PEM”. Also, I can look at the certificate, but am not sure how to determine if it is the right one. I have only ever seen one certificate in there at any given time.

nj24 · October 2, 2019, 3:50pm

So, I just looked at the site again, and it is showing that the site is secure.

I haven’t done anything since my last update but…I guess it is working now. Thanks @JuergenAuer and @stevenzhu for taking the time to help!

system · November 1, 2019, 3:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.