Why is my certificate being renewed EVERY day...?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ukmessage.com

I ran this command: I didn’t run anything. The certificate is valid until November

It produced this output: It renews automatically EVERY day. No other domains on the same server do this. There are only two cronjobs - one hourly (keep-secured), and one weekly (remove-expired-tokens)

My web server is (include version): Plesk 18.0.29

The operating system my web server runs on is (include version): Unbuntu 18.04

My hosting provider, if applicable, is: Ionos

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk 18.0.29

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @grahamjones

checking your domain there is no daily renew visible - ukmessage.com - Make your website better - DNS, redirects, mixed content, certificates

But you should check why the certificate with three domain names is renewed 08-07, 08-08, 08-14.

Looks like something in your cron jobs is wrong.

Or you have started these renews manual.

But that's not daily.

PS: The website uses the wildcard certificate.

Issues like this are usually due to a malfunction in the ACME client. In this case, the Plesk Let’s Encrypt extension.

Sometimes it’s about failing to properly store the certificate (maybe the user’s disk is full), resulting in the next cronjob creating it from scratch. Sometimes it’s because there’s a mismatch between the domains it “wants” and the domains it’s actually issuing, so it’s never satisfied with the certificate it created last time. That one can crop up if wildcards are involved. Sometimes, as unlikely as it seems, there are multiple ACME clients competing over a domain,

If you have the latest version of the extension installed and it’s still happening, I would reach out to Plesk support and see whether they can investigate. There should be a sufficient log trail for them to figure it out.

Thanks for your rapid responses. I am still confused, though.

The settings for this domain are exactly the same for several other domains on the same server.

All of the other domains are being renewed on the correct timescales. But this domain is being renewed daily.

There are no cronjobs just for this domain.

That's wrong. Why do you think that?

Certificates are logged in CT-logs. You see the output - no daily renew.

What's the message telling you the certificate is renewed? Is it an automatic email?

I think OP might referring to these certificates, which are issued pretty close to each other.

I get a message every morning from Plesk saying the certificates have been renewed. But ONLY for this domain.

So, why does Plesk think the certificate is renewed each day, it it isn’t?

I hope my question to Plesk will get an answer…!

That's a Plesk bug and a Plesk problem.

Or your hoster has an old machine that sends that message.

Letsencrypt doesn't send daily mails.

Thanks - as I said I’ve taken it up with Plesk now

It’s not an old machine - it’s a brand new server

I still don’t see how it can happen - this email is not arising on any other domain on the same server using the same settings.

But as you say, it’s clearly a Plesk problem so I hope they can solve it…!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.