Plesk bulk force renewal of Let’s Encrypt certificates for all domains
A few days ago I got a notice from the Let’s encrypt guys.
ACTION REQUIRED: Renew these Let's Encrypt certificates by March 4
We recently discovered a bug in the Let's Encrypt certificate authority code, described here:
Unfortunately, this means we need to revoke the certificates that were affected
by this bug, which includes one or more of your certificates. To avoid
disruption, you'll need to renew and replace your affected certificate(s) by
Wednesday, March 4, 2020. We sincerely apologize for the issue.
If you're not able to renew your certificate by March 4, the date we are
required to revoke these certificates, visitors to your site will see security
warnings until you do renew the certificate. Your ACME client documentation
should explain how to renew.
If you are using Certbot, the command to renew is:
certbot renew --force-renewal
If you need help, please visit our community support forum:
First of all let me say, these guys do a great job in providing free Certificate services. For more info : https://letsencrypt.org/
When you are running Plesk with a lot of domains you don’t want to go login into every account and force a Let’s Encrypt update to get a new certificate.
Please follow the guide below in order to renew and replace all certificates:
[ext-letsencrypt] renew-before-expiration = 365
4. Execute Let’s Encrypt renewal task to renew all the Let’s Encrypt certificates going to Tools & Settings > Scheduled Tasks > Click on Run Now for the following task:
/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php'
If SSL It! extension is installed, also click Run Now for the following task:
/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/sslit/scripts/keep-secured.php'
5. Go to Extensions > My Extensions > Panel.ini Editor > Open > Editor tab > Disable or remove the changes performed from Step 2/3:
;[ext-letsencrypt] ;renew-before-expiration = 365
That should do the trick for renewing all your certificates.