plesk / letsencrypt-plesk

Let’s Encrypt extension for Plesk gives all Plesk users the power to get a free Let’s Encrypt certificate with just a couple of clicks.
https://www.plesk.com/extensions/letsencrypt/

renew.php is doing nothing, since 2.0.0 #165

Closed delasource closed 7 years ago

delasource commented 7 years ago

I really need help, cause my certificates (10+) are about to expire.

I can't renew my certificates. The first problem I found is that the renew script is no longer called 'renew-certificates.php', so my own script runs empty... but the new renew.php under /opt/psa/admin/plib/modules/letsencrypt/scripts/ does not do anything. It ends after like 0 seconds.

Running

root@xxx:/opt/psa/admin/plib/modules/letsencrypt/scripts# ./le-run
[2017-04-18 20:49:32] ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Could not find any domain to install.
Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Could not find any domain to install.

exit status 1

Does nothing. But this is not wrong, I think, since I didn't provide a config.

(Same output for #/opt/psa/var/modules/letsencrypt/venv/bin/certbot --version which symlinks to le-run)

But the error Could not find any domain to install. must not be there. In the Plesk GUI I can see all my Letsencrypt certs. (under https://plesk.domain:8443/modules/letsencrypt/ )

If I try to renew them in the GUI, I get the error message: error The name is empty?!

If I try to generate a cert for a totally new domain, there is not even any message. And in /opt/psa/var/modules/letsencrypt/etc/ there is nothing new.

Do I have to create a cli.ini file? It totally worked before (last cert is from 26th March). What could be the problem? Please answer if you need further information.

System: Plesk Onyx 17.0.17 Update 23 Debian 8.7 Plesk LE-Extension: 2.0.3 31


EDIT:

My provider stated this as Plesk Bug PPPM-6082. I am able to create new certificates for my subdomains, after removing them all in the 'Hosting-Settings'. For the main domain, I still get the error (picture above). Tried on multiple domains on this server.

EDIT2:

More information found on the internet: https://support.plesk.com/hc/en-us/articles/115002623265-Let-s-Encrypt-is-unable-to-renew-a-certificate-Install-certificate-failure-Unable-to-set-certificate-name

UFHH01 commented 7 years ago

Update: The bug has been renamed to: => EXTLETSENC-105

retsifp commented 7 years ago

This is REALLY A BAD ISSUE! I have a lot of certificates, and I don't have time to renew them all manually! @xgin @sibprogrammer @janloeffler @pvasilevich All my certs expire on 30.05.2017, I hope there will be a fix until then. This is especially bad because the developers changed the behaviour and the certs are now renewed only one month before expiring... Before they renewed monthly (so I would have had some more safety margin to spot this issue...).

There might be another problem: Is it possible that plesk tries to get the certificate when the cronjob runs (current setting is every night at 0:00)? I tried to renew it manually ~3 times and now this domain is blocked for 7 days. (Let's encrypt has a limit of 5 certs per domain per 7 days...). We will find that out in some days...

The good news: Simple workaround for individual domains:

Edit: Some more bad news: According to certificate transparency, plesk indeed got new certificates every night: [screenshot: bildschirmfoto von 2017-05-03 21-46-45]

The three tries from today are my manual tries, the other ones are by plesk.

So: deactivate the let's encrypt-cronjob until this bug is fixed!

Edit2: Seems that manual renewal works for subdomains. BUT: Automatic renewal didn't work for subdomains either. So there was no error, but the server used the old cert until I renewed it manually now...

twistedpixel commented 7 years ago

I believe I have the same issue and it's caused some of my certificates to expire and I cannot renew them because I'm hit with a rate limit error. Checking crt.sh on my domains shows that the extension is indeed generating new certificates basically every day.

Is there an ETA on a fix for this yet?

elonmir commented 7 years ago

Same issue on 2 servers... any solution in sight? Can we at least somehow install an older working function of the plugin?

twistedpixel commented 7 years ago

This has so far cost me over £100. It would be nice to get a response from the developers on an ETA. This is clearly a widespread bug that requires an urgent patch. It's obviously only affecting servers at the end of their 3 month renewal so I imagine thousands of servers will be affected over the next few weeks if this isn't fixed immediately.

retsifp commented 7 years ago

Seems like an update to Plesk 17.5.3 fixed this issue for me. Fortunately, the limit was active only for one domain (since I deactivated the cronjob), so I could renew the other certificates.

I'm disappointed by the plesk devs that they have such poor communication about such a critical issue... :disappointed:

twistedpixel commented 7 years ago

Exactly. We pay for Plesk to make our lives easier. There needs to be better communication than this. Bugs are a reality but leaving us in the dark on something like this is unacceptable.

Not to mention that not a single agent at Plesk Support had even heard about this so their internal communication is clearly just as bad.

elonmir commented 7 years ago

I got 17.5.3 running, and the issue still persists... @retsifp

twistedpixel commented 7 years ago

Yup, 17.5.3 and still this happens. The only solution is to unlink the old cert in Hosting Settings for a domain/subdomain, remove it in SSL Certs (via the domain's summary page) and then generate a new one through the Let's Encrypt extension. The problem is that if you've hit the rate limit, there's no way to undo it; you just have to wait a week which is ridiculous.

Make absolutely sure you've deactivated the daily cron job in Scheduled Tasks though or it will just keep hitting the rate limit indefinitely and you'll never be able to renew.

elonmir commented 7 years ago

My servers didn't hit any rate limit, just the annoying error message like the OP.

twistedpixel commented 7 years ago

Are you sure? Might be worth it to check all your domains on https://crt.sh to be sure you aren't affected by the haywire daily renewal as you may not have noticed it yet. If any of your domains have an entry for basically every day, you will likely hit the rate limit at some point (unless your certificate renewal dates for your behaving domains are nicely staggered!)

rkosolapov commented 7 years ago

Hello. We are working on it.

elonmir commented 7 years ago

Is there an ETA for the fix? That problem is really annoying.

xgin commented 7 years ago

Fixed in the extension version 2.1.0

elonmir commented 7 years ago

Nope, error still occurs after update. Tested with direct update, even removed plugin and reinstalled it.

twistedpixel commented 7 years ago

@elonmir what error are you getting on renewal? Still the "no name" one?

elonmir commented 7 years ago

[2017-05-18 15:37:44] ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Error occured while sending feedback. HTTP code returned: 502
Could not find any domain to install.
Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Error occured while sending feedback. HTTP code returned: 502
Could not find any domain to install.

exit status 1

xgin commented 7 years ago

@elonmir, cli.php seems to be executed instead of renew.php. Please make sure you run the correct script.

elonmir commented 7 years ago

The renew Script instantly stops without further error notifications, same happens via the GUI.

xgin commented 7 years ago

Probably it works in case you don't see any error. Improve verbosity with /usr/local/psa/admin/conf/panel.ini

[log]
filter.priority = 7

and run the renew

# plesk bin extension --exec letsencrypt renew.php
...
[2017-05-18 17:08:32] DEBUG [extension/letsencrypt] Skip renew <domain>: too early for expiration date 2017-08-12

For example I see a lot of messages like this, and that's ok.

If you experience any problems, you'd better ask our support.

didiandalucia commented 7 years ago

If you have problems, then please check the domain names! I think this can be a problem when, e.g., the domain or subdomain was added via Plesk with capital letters, e.g. ABC....Z and not abc....z! I saw in Plesk that a customer had added subdomains as, e.g., Hallo.mydomain.com and not hallo.mydomain.com. Then the cron job will renew for Hallo.mydomain.com, but a new certificate possibly exists for hallo.mydomain.com! And then the batch job will renew again every time and never come to an end!

So Plesk should likewise check in their hosting panel that clients can't add a domain with capital letters, only with lowercase letters! Domains are normally always written in lowercase letters, but a user can use lowercase or capital letters in the browser!

It may be that, once the domain names are corrected, Let's Encrypt is blocked for a while - I don't know!

vvolodko commented 7 years ago

The problem does exist and is caused by the case-sensitive certificate name lookup introduced in 2.0.0.

xgin commented 7 years ago

The issue with MixedCaseDomains was fixed in 2.2.1
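
Added example, not part of the thread and not the extension's code: a small audit that models the mixed-case mismatch described above and the crt.sh check suggested earlier, flagging panel names whose issuance count has reached the limit quoted in the thread (5 per 7 days). The domain names, dates and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

WINDOW_DAYS = 7  # rate-limit window as quoted in the thread
LIMIT = 5        # certificates per domain per window, as quoted in the thread

def index_by_name(entries):
    """Group issuance dates by lowercased name (DNS names are case-insensitive)."""
    issued = defaultdict(list)
    for name, day in entries:
        issued[name.lower()].append(day)
    return dict(issued)

def lookup(name, issued, case_sensitive):
    """Return issuance dates recorded for `name`, or [] when the lookup misses."""
    key = name if case_sensitive else name.lower()
    return issued.get(key, [])

def runaway_names(panel_names, entries, today):
    """Map each panel name at or over LIMIT to its issuance count in the window."""
    issued = index_by_name(entries)
    start = today - timedelta(days=WINDOW_DAYS)
    flagged = {}
    for name in panel_names:
        dates = lookup(name, issued, case_sensitive=False)
        recent = [d for d in dates if start < d <= today]
        if len(recent) >= LIMIT:
            flagged[name] = len(recent)
    return flagged

# Constructed sample data: one name entered in mixed case in the panel and
# re-issued every night, one name that renewed once and behaves normally.
TODAY = date(2017, 5, 3)
PANEL_NAMES = ["Hallo.example.com", "shop.example.com"]
CT_ENTRIES = [("hallo.example.com", TODAY - timedelta(days=i)) for i in range(6)]
CT_ENTRIES.append(("shop.example.com", date(2017, 3, 26)))

if __name__ == "__main__":
    issued = index_by_name(CT_ENTRIES)
    for name in PANEL_NAMES:
        # A case-sensitive lookup misses the mixed-case name, so a renewal job
        # built on it would conclude no certificate exists and request another.
        hit = bool(lookup(name, issued, case_sensitive=True))
        print(f"{name}: case-sensitive lookup finds a certificate: {hit}")
    print("at or over the limit:", runaway_names(PANEL_NAMES, CT_ENTRIES, TODAY))
```
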