Plesk bulk force renewal of Let’s Encrypt certificates for all domains

Plesk bulk force renewal of Let’s Encrypt certificates for all domains

A few days ago I got a notice from the Let’s encrypt guys.

ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4

We recently discovered a bug in the Let's Encrypt certificate authority code, described here:
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Unfortunately, this means we need to revoke the certificates that were affected 
by this bug, which includes one or more of your certificates. To avoid 
disruption, you'll need to renew and replace your affected certificate(s) by 
Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you're not able to renew your certificate by March 4, the date we are 
required to revoke these certificates, visitors to your site will see security 
warnings until you do renew the certificate. Your ACME client documentation 
should explain how to renew.

If you are using Certbot, the command to renew is:

certbot renew --force-renewal

If you need help, please visit our community support forum: 
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

First of all let me say, these guys do a great job in providing free Certificate services. For more info : https://letsencrypt.org/

When you are running Plesk with a lot of domains you don’t want to go login into every account and force a Let’s Encrypt update to get a new certificate.

Please follow the guide below in order to renew and replace all certificates:

1. Log in to the Plesk GUI
2. Install Panel.ini Editor extension
3. Go to Extensions > My Extensions > Panel.ini Editor > Open > Editor tab > Add the following configuration:

[ext-letsencrypt]
renew-before-expiration = 365

4. Execute Let’s Encrypt renewal task to renew all the Let’s Encrypt certificates going to Tools & Settings > Scheduled Tasks > Click on Run Now for the following task:

/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php'

If SSL It! extension is installed, also click Run Now for the following task:

/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/sslit/scripts/keep-secured.php'

5. Go to Extensions > My Extensions > Panel.ini Editor > Open > Editor tab > Disable or remove the changes performed from Step 2/3:

;[ext-letsencrypt]
;renew-before-expiration = 365

That should do the trick for renewing all your certificates.

One Response so far.

Leave a Reply

Your email address will not be published. Required fields are marked *

15 − 12 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.