Bobcares
Client Area
Emergency Support
Latest | Plesk

Plesk Let’s Encrypt Not Renewing | Multiple Solutions Revealed

by | Aug 25, 2022

In Plesk, “Let’s Encrypt not renewing” is a regular problem that may be easily fixable using a few methods in this article. At Bobcares, with our Plesk Hosting Support Services, we can handle your Plesk Let’s Encrypt renewal issues.

Plesk: Let’s Encrypt Not Renewing Error

While we renew the Let’s Encrypt certificate, we may sometimes encounter an error message. The Let’s Encrypt Not Renewing Error in Plesk occurs due to many reasons. Considering those reasons, we should decide on the solution. In this article, we will look into some of the reasons and solutions to fix it.

 

plesk let's encrypt not renewing

 

 

 

 

 

 

 

Reasons For The Error

Reason 1

When we initiate the process of renewing the Let’s Encrypt certificate in Home > Domains > Domain.com > SSL/TLS Certificates > Reissue Certificate, the error may happen. The error occurs as the Plesk and the domain is secured by the same certificate and the certificate cannot be deleted. The error message looks like this:

Error: Let's Encrypt SSL/TLS certificate installation failed:
Remove certificate failure: One of the certificates you are going to delete is used for securing Plesk.
Solution:

The most appropriate solution is by securing Plesk with a unique certificate. Therefore, we have to use separate certificates to secure Plesk with the mail server and domain. To secure Plesk, follow the below steps:

  1. Firstly, login to Plesk.
  2. Then navigate to Home > Tools & Settings > SSL/TLS Certificates > Let’s Encrypt.
  3. Now set the server hostname as the Domain name.
  4. Click the Renew button
  5. Then go to Home > Tools & Settings > SSL/TLS Certificate
  6. lastly, change the Certificate for securing mail to Let’s Encrypt certificate.

To secure the domain, we can follow the below steps:

  1. Firstly, login to Plesk.
  2. Then navigate to Home > Domains > example.com > SSL/TLS Certificates.
  3. Finally, click the Reissue Certificate button.
Reason 2

The Local DNS service stops in Tools & Settings > Services Management. We cannot create a new Let’s Encrypt SSL/TLS certificate or renew an existing one in Plesk. A message sent to the user’s Plesk displays the following error:

Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Authorization for the domain failed.
Details Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/9_fD4pJYnd6o4DNUxbG0WNtYOOm-G6TeHcz8TN1K9f4. Details: Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "Rq5AN5tnNTHnUNfh2byBWzDZNePjIOcSJDMJYK0ku6A" found at _acme-challenge.example.com
Solution:
  1. Firstly, Login to Plesk
  2. Then start the DNS service in Tools & Settings > Services Management.
  3. Navigate to Domains > example.com > SSL/TLS Certificates.
  4. Now click on Reissue certificate.
  5. An image follows up. Then double-check if the TXT record resolves externally. This can be checked via ssh using the command dig TXT _acme-challenge.example.com +short.
  6. If it does not resolve, add the record to the external DNS server, removing other existing acme-challenge records from there.
  7. Finally, go back to the Plesk screen and click Reload button.
Reason 3

The product issue: #EXTLETSENC-573 “Decreased the possibility of rare issues when IDN domains could not be secured with SSL/TLS certificates from Let’s Encrypt.” is the reason for the error. Automatic Let’s Encrypt Certificate renewal for securing Plesk fails and the following error message can be found in /var/log/plesk/panel.log file:

# egrep “ILLEGAL_ARGUMENT” /var/log/plesk/panel.log
…
ERR [extension/letsencrypt] Failed to renew Panel certificate: idn_to_ascii: empty domain name: U_ILLEGAL_ARGUMENT_ERROR.
…
Solution:

Updating the server is the best solution. If the update isn’t possible, renewing manually Let’s Encrypt Certificate for securing Plesk going to Tools & Settings > SSL/TLS Certificates > Let’s Encrypt > Renew works successfully.

Reason 4

Let’s Encrypt auto-renew task is not working for Plesk or a domain if we rename it previously. This is because the Let’s Encrypt auto-renew feature relies on certificate names and does not recognize certificate names other than Let’s Encrypt example.com.

Solution:

Renewing the certificate manually in Tools & Settings > SSL/TLS Certificates > Let’s Encrypt > Renew is the available to secure Plesk. Also, to secure the domain, renew this certificate manually from Domains > example.com > SSL/TLS Certificates > Get it free.

Reason 5

The module runAllManagedModulesForAllRequests is enabled in the domain’s web .config file. So Let’s Encrypt certificate for a particular domain in Plesk can not be renewed automatically with the error message below:

Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/13769068820.
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: Fetching https://acme-challenge.localhost:443/.well-known/acme-challenge/jhpl_titvpnxqcffch5s9semwhzx1ytmjnhnngeyqek:
Invalid hostname in redirect target, must end in IANA registered TLD
Solution:
  1. Firstly, login to Plesk.
  2. Then go to Domains > example.com > File Manager page.
  3. Now click on the file named web.config to open it for editing.
  4. Disable the runAllManagedModulesForAllRequests module by modifying the below lines: 
    <modules

    runAllManagedModulesForAllRequests=“true”>

    </modules>

    Modified to:
    <modules

    runAllManagedModulesForAllRequests=“false”>

    </modules>

  5. Finally, click the Save button to apply changes.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To conclude, we provide different solutions from our Support team for various causes of the error in Plesk, Let’s Encrypt not renewing.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Related posts:

  1. Unable to access Plesk Installer page from an Apple device
  2. JWS has an invalid anti-replay nonce error in Plesk | Resolved
  3. Misconfiguration of the Common Challenge Directory | Fix-it
  4. Unable to start Apache after dist-upgrade on Plesk server

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

GET UP TO 25% OFF

Plesk Support

Spend time on your business, not on your servers.

Managing a server is time consuming. Whether you are an expert or a newbie, that is time you could use to focus on your product or service. Leave your server management & end-user tech support to us, and use that time to focus on the growth and success of your business.

TALK TO USOr click here to learn more.

Related Articles

  1. Unable to access Plesk Installer page from an Apple device
  2. JWS has an invalid anti-replay nonce error in Plesk | Resolved
  3. Misconfiguration of the Common Challenge Directory | Fix-it
  4. Unable to start Apache after dist-upgrade on Plesk server

Never again lose customers to poor
server speed! Let us help you.

GET STARTED

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF