Using Let's Encrypt certificates in Apache with Plesk 12.0


#1

Hello community!

I have a server running Debian 7 and Plesk 12.0 and using Apache. While there is an extension for Let’s Encrypt for Plesk 12.5, there isn’t one for version 12.0. No problem, I thought, and installed “Certbot” as described here: https://certbot.eff.org/#debianwheezy-apache

After installation I get this message:
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

I guess that Plesk configures Apache and/or my domains in a way, which makes it impossible for Certbot to configure the neccessary things. This is what “/var/log/letsencrypt/letsencrypt.log” says:

2016-12-04 11:04:34,095:DEBUG:certbot.main:Root logging level set at 20
2016-12-04 11:04:34,095:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-12-04 11:04:34,119:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-04 11:04:34,120:DEBUG:certbot.main:Arguments: []
2016-12-04 11:04:34,120:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2016-12-04 11:04:34,122:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2016-12-04 11:04:35,222:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#apache): ('There has been an error in parsing the file (%s): %s', u'/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf', u'Synta
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 106, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 190, in prepare
    self.check_parsing_errors("httpd.aug")
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/augeas_configurator.py", line 74, in check_parsing_errors
    raise errors.PluginError(msg)
PluginError: ('There has been an error in parsing the file (%s): %s', u'/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf', u'Syntax error')
2016-12-04 11:04:35,222:DEBUG:certbot.plugins.selection:No candidate plugin
2016-12-04 11:04:35,222:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

I don’t know whether these lines have to do anything with the above error message, but I would like to know the correct and maybe easiest way to install certificates for my domains created via Plesk. I have 13 domains on the server.

Does anyone have any experience with this special case?

Because of the fact that certificates from Let’s Encrypt expire after only three months, I would like set up the automatic renewal and so I guess I cannot install them manually in the first place.

Thanks for any replies!


#2

I think automatic (re)installation is going to be the tricky part with Plesk. Certbot’s “webroot” feature would easily let you get issued with certificates so long as it’s possible to make files appear on the Plesk controlled sites by just creating files on the server in the right place. But installing each new certificate in Apache involves the tangle of Plesk-related Apache configuration, so either some script would need to be written to navigate that labyrinth or you end up manually installing the new certificates after they’re created every say, 10 weeks. Sorry.


#3

Thanks for your reply. I was afraid that this is the “solution”…

I will do it now manually, creating the certificates via https://zerossl.com/ and manually inserting them into Plesk.

If someone finds a better solution one day, I’m still interested. :wink:


#4

I don’t use plesk … however with other similar control panels I’ve had a look in the apache config as to where the SSL certs are stored ( from a quick google it may be /usr/local/psa/var/certificates/ for plesk ). Then I simply either copy new certs to that location, or place a symlink from that location to where the certs are with certbot (/etc/letsencrypt/live/…) or whatever client you are using.

Not tested on plesk, but I know that method works on many other control panel systems and means everything can be easily automated :wink:

Note: This only really works if you have root access of course :wink:


#5

Thanks, I will give this a try and report back soon. I have root access.

For my first domain I created and inserted the certificate manually a few minutes ago, because my old one from startssl.com expired today (I wasn’t informed in advance, so I had to hurry).


#6

I had no time yet to automate the certificate request and installation in my special case, but I upgraded to Plesk 12.5 now to have the Let’s Encrypt extension. Unfortunately it does not work and it doesn’t add all domains to the certificates, so it’s no option for me and I still have to find another solution. As I said, I will report back when I have something. :slight_smile:


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.