Renewal of Let's Encrypt Certificates Using Plesk

Posted on Tue 14 June 2016 in Sysadmin

Note to self: If the Let's Encrypt extension for Plesk fails to renew a certificate (when triggered manually), disable the automatic forwarding to an SSL connection in the Apache settings. This forced secure connection seems to disturb the renewal script.

The error I got was something like this:

Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution:
2016-01-19 13:56:07,885:WARNING:letsencrypt.cli:Root (sudo) is required to run most of letsencrypt functionality.
Failed authorization procedure.
removed.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization ::
Invalid response from http://removed.domain.com/.well-known/acme-challenge/
REMOVED-ID [REMOVED IP]: 401
IMPORTANT NOTES: - The following errors were reported by the server:
Domain: removed.domain.com Type: urn:acme:error:unauthorized
Detail: Invalid response from http://removed.domain.com /.well-known/acme-challenge/
REMOVED-ID [REMOVED IP]: 401

See also this bug report on Github.

Let's hope the extension is going to renew all certificates automatically every month from now on, as it should.

Apache certificate let's encrypt Plesk SSL web server