Symptoms
- The message like below can be received for domain, subdomain, domain alias, or webmail:
"Could not secure domains of John Doe (login jdoe) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:
'example.com'
Missed domain names failed to pass validation: webmail.example.com
The following domains have been secured without some of their Subject Alternative Names:
<none>
Could not renew Let's Encrypt certificates for Joe Doe (login joedoe). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let's Encrypt certificates has failed:
<none>
The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names:
<none>"
-
SSL it! Keep websites secured is enabled in Subscriptions > example.com > Customize > Additional Services or
Service Plans > Service Plan Name > Additional Services:
Cause
The "Keep secured" mechanism does not depend on options selected during SSL certificate issuing. When this feature is turned on, the certificate will be installed/renewed for every domain, subdomain, domain alias, or webmail that belongs to a subscription based on that hosting plan and that is:
- Secured with a self-signed SSL/TLS certificate.
- Secured with an expired SSL/TLS certificate.
- Not secured with an SSL/TLS certificate.
The self-signed or expired SSL/TLS certificate is replaced with a Let’s Encrypt certificate.
Resolution
To stop receiving emails about unsecured object, log in to Plesk and set the option to None:
- For subscription: Subscriptions > example.com > Customize > Additional Services and set option to None
-
For service plan: Service Plans > Service Plan Name > Additional Services and set the option to None
