• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Let's Encrypt failing to renew if one alias domain is expired

Denis Gomes Franco

Denis Gomes Franco

Regular Pleskian
Hello. Here's something that happened today with one of my customers. His website uses two domains, a main one and an alias domain. The Let's Encrypt certificate was valid until nov 29th and didn't renew because the alias domain (and not the main domain) expired due to non payment.

I understand that the renewal process should fail because Let's Encrypt could not validate the alias domain, and I understand that it's up to the customer to keep their domains' payments up to date. But I think in these cases Plesk could try to issue a new certificate using only the main domain associated with the subscription, and then warn the administrator of a failed validation of the additional domains.

Due to this issue the main domain got unsecured for a few days. No big deal, the customer was at fault here, but anyway, I'll leave my suggestion here.
 
Aren't LE certificates renewed a month before they expire? If your customer ignored the renewal failure for a month, then yes it's their fault alone.
 
I run a managed hosting and website care business so my customers don't have to deal with technical stuff, so I'll be receiving any warnings and not them.

TBH I am not paying much attention (that's what automations are for LOL) but I do remember receiving emails from the Lets Encrypt bot warning about an impeding renewal. These emails, though, do not contain any warnings about expired or invalid domains.

The thing is: certificate renewals *are* going through just fine, except when one domain stops working. It's not a big deal as it does not happen so frequently, but I just thought about Plesk going forward with just the main domain in case of an error.
 
You must log in or register to reply here.

Similar threads

G J Piper
Resolved SSL It! Let's Encrypt Not Issuing Certificate on MX-only Domain
Replies
8
Views
614
G J Piper
G J Piper
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
600
MacGyver
M
W
Question Wanted: Best practice for certificates (Lets Encrypt) two separate Plesk servers for www and mail
2
Replies
20
Views
2K
W4ru
W
D
Question Renewing Let's encrypt automatically
Replies
6
Views
2K
iainh
I
Back
Top