Plesk bulk force renewal of Let’s Encrypt certificates for all domains
A few days ago I got a notice from the Let’s encrypt guys.
ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4 We recently discovered a bug in the Let's Encrypt certificate authority code, described here: https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591 Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue. If you're not able to renew your certificate by March 4, the date we are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate. Your ACME client documentation should explain how to renew. If you are using Certbot, the command to renew is: certbot renew --force-renewal If you need help, please visit our community support forum: https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
First of all let me say, these guys do a great job in providing free Certificate services. For more info : https://letsencrypt.org/
When you are running Plesk with a lot of domains you don’t want to go login into every account and force a Let’s Encrypt update to get a new certificate.
Please follow the guide below in order to renew and replace all certificates:
[ext-letsencrypt] renew-before-expiration = 365
4. Execute Let’s Encrypt renewal task to renew all the Let’s Encrypt certificates going to Tools & Settings > Scheduled Tasks > Click on Run Now for the following task:
/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php'
If SSL It! extension is installed, also click Run Now for the following task:
/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/sslit/scripts/keep-secured.php'
5. Go to Extensions > My Extensions > Panel.ini Editor > Open > Editor tab > Disable or remove the changes performed from Step 2/3:
;[ext-letsencrypt] ;renew-before-expiration = 365
That should do the trick for renewing all your certificates.