[Solved] Lets encrypt error email

[scambra]

I'm getting an error email regarding let's encrypt certificates, but it must be wrong because I have the certificate working.

I created a certificate only for webmail, not for the domain, because the domain is hosted in other hosting. The certificate for webmail.activescaffold.eu is issued, and it's valid to
February 17, 2025. But I get an error email like this:

Could not secure domains of scambra (login scambra) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

** 'activescaffold.eu' **
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2056443127/446212040265.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 185.27.134.115: Invalid response from http://activescaffold.eu/.well-known/acme-challenge/4dT9hZpz0vNCkV9lP-rXvBv4HUi6_dTSMzDKj1gPdtY: "<html><body><script type=\"text/javascript\" src=\"/aes.js\" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,func"

The following domains have been secured without some of their Subject Alternative Names:

<none>

Could not renew Let`s Encrypt certificates for scambra (login scambra). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let`s Encrypt certificates has failed:

<none>

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:

<none>

So it seems as it's trying to issue a certificate for the domain, which is in other hosting. Also, I don't understand why it says 

Renewal of the following Let`s Encrypt certificates has failed: <none>

[MoneyBroz]

1 hour ago, scambra said:

So it seems as it's trying to issue a certificate for the domain, which is in other hosting. Also, I don't understand why it says

Yes that is expected. you would need to have it pointed to Johnny before the certificate can be issued from Plesk.

[wolstech]

@MoneyBroz He specifically said he hosts the domain elsewhere intentionally. He's only using us for email and a single subdomain called demo.

This error is because Plesk doesn't support hosting a domain only for its webmail. The entire domain has to be hosted here for the auto-SSL to work properly. It will sort of work as you've seen, but it is going to constantly produce errors. The only way to stop these error emails is to disable the automatic SSL certificate installation entirely.

There is no option to tell Plesk "issue only a webmail cert" since its not a supported scenario. Do you want me to turn this function off for your domain?

 

[scambra]

Ok, thanks. I have removed the certificate, I don't want to cause troubles by having something trying to get a certificate again and again.

I was confused, because when requesting a new certificate, there is a checkbox to secure the domain name, and a checkbox to secure the webmail, and unchecking the domain name worked, I got the certificate for webmail, but I started to get error emails.

[wolstech]

It’s possible to do it when you issue the manually. The issue is that the automatic renewal tool doesn’t let you exclude the domain itself.

You can issue a certificate manually every 90 days with just the webmail selected and that will be just fine.

[scambra]

I deleted the certificate, but I got the error again, you may need to delete something

[wolstech]

Yeah we have to turn off the automatic renewals for the domain on our side. Just removing the cert won't work because it will simply try to reissue it.

I've turned off the automatic certificate renewals for the domain activescaffold.eu, and installed a webmail-only certificate for you. When the 90 days is up, simply reissue the cert manually and select only the webmail option.

[scambra]

Thanks