renew.php is doing nothing, since 2.0.0 #165

Closed
genyx opened this Issue Apr 18, 2017 · 23 comments

genyx commented Apr 18, 2017

I really need help, cause my certificates (10+) are about to expire.

I can't renew my certificates. The first problem I found is that the renew script is no longer called 'renew-certificates.php', so my own script runs empty... but the new renew.php under /opt/psa/admin/plib/modules/letsencrypt/scripts/ does not do anything. It ends after like 0 seconds.

Running

root@xxx:/opt/psa/admin/plib/modules/letsencrypt/scripts# ./le-run
[2017-04-18 20:49:32] ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Could not find any domain to install.
Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Could not find any domain to install.

exit status 1

Does nothing. But this is not wrong, I think, since I didn't provide a config.

(Same output for #/opt/psa/var/modules/letsencrypt/venv/bin/certbot --version which symlinks to le-run)

But the error Could not find any domain to install. must not be there. In the Plesk GUI I can see all my Let's Encrypt certs (under https://plesk.domain:8443/modules/letsencrypt/ ).

If I try to renew them in the GUI, I get the error message:
error
The name is empty?!

If I try to generate a cert for a totally new domain, there is not even any message. And in /opt/psa/var/modules/letsencrypt/etc/ there is nothing new.

Do I have to create a cli.ini file? It totally worked before (last cert is from 26th March). What could be the problem? Please answer if you need further information.

System:
Plesk Onyx 17.0.17 Update 23
Debian 8.7
Plesk LE-Extension: 2.0.3 31


EDIT:

My provider stated this as Plesk Bug PPPM-6082. I am able to create new certificates for my subdomains, after removing them all in the 'Hosting-Settings'. For the main domain, I still get the error (picture above). Tried on multiple domains on this server.

EDIT2:

More information found on the internet: https://support.plesk.com/hc/en-us/articles/115002623265-Let-s-Encrypt-is-unable-to-renew-a-certificate-Install-certificate-failure-Unable-to-set-certificate-name

UFHH01 commented Apr 27, 2017

Update: The bug has been renamed to: => EXTLETSENC-105

retsifp commented May 3, 2017

This is REALLY A BAD ISSUE!
I have a lot of certificates, and I don't have time to renew them all manually!
@xgin @sibprogrammer @janloeffler @pvasilevich
All my certs expire on 30.05.2017, I hope there will be a fix until then.
This is especially bad because the developers changed the behaviour and the certs are now renewed only one month before expiring... Before they renewed monthly (so I would have had some more safety margin to spot this issue...).

There might be another problem: Is it possible that Plesk tries to get the certificate when the cronjob runs (current setting is every night at 0:00)?
I tried to renew it manually ~3 times and now this domain is blocked for 7 days. (Let's Encrypt has a limit of 5 certs per domain per 7 days...).
We will find that out in some days...

The good news:
Simple workaround for individual domains:

  • rename (DO NOT DELETE as suggested in the official workaround) your cert
  • the Let's Encrypt extension doesn't find your cert now and you can simply get a new one from the GUI. If anything fails (e.g. the above limit was exceeded), you have the old cert.

Edit:
Some more bad news:
According to certificate transparency, Plesk indeed got new certificates every night:
[Screenshot from 2017-05-03 21-46-45]

The three tries from today are my manual tries, the other ones are by Plesk.

So: deactivate the Let's Encrypt cronjob until this bug is fixed!

Edit2:
Seems that manual renewal works for subdomains.
BUT: Automatic renewal didn't work for subdomains either. So there was no error, but the server used the old cert until I renewed it manually now...

twistedpixel commented May 7, 2017

I believe I have the same issue and it's caused some of my certificates to expire and I cannot renew them because I'm hit with a rate limit error. Checking crt.sh on my domains shows that the extension is indeed generating new certificates basically every day.

Is there an ETA on a fix for this yet?

elonmir commented May 10, 2017

Same issue on 2 servers... any solution in sight? Can we at least somehow install an older working function of the plugin?

twistedpixel commented May 10, 2017

This has so far cost me over £100. It would be nice to get a response from the developers on an ETA. This is clearly a widespread bug that requires an urgent patch. It's obviously only affecting servers at the end of their 3 month renewal so I imagine thousands of servers will be affected over the next few weeks if this isn't fixed immediately.

retsifp commented May 10, 2017

Seems like an update to Plesk 17.5.3 fixed this issue for me. Fortunately, the limit was active only for one domain (since I deactivated the cronjob), so I could renew the other certificates.

I'm disappointed by the Plesk devs that they have such poor communication about such a critical issue... 😞

twistedpixel commented May 10, 2017

Exactly. We pay for Plesk to make our lives easier. There needs to be better communication than this. Bugs are a reality but leaving us in the dark on something like this is unacceptable.

Not to mention that not a single agent at Plesk Support had even heard about this so their internal communication is clearly just as bad.

elonmir commented May 10, 2017

I got 17.5.3 running, and the issue still persists... @retsifp

twistedpixel commented May 10, 2017

Yup, 17.5.3 and still this happens. The only solution is to unlink the old cert in Hosting Settings for a domain/subdomain, remove it in SSL Certs (via the domain's summary page) and then generate a new one through the Let's Encrypt extension. The problem is that if you've hit the rate limit, there's no way to undo it; you just have to wait a week which is ridiculous.

Make absolutely sure you've deactivated the daily cron job in Scheduled Tasks though or it will just keep hitting the rate limit indefinitely and you'll never be able to renew.

elonmir commented May 10, 2017

My servers didn't hit any rate limit, just the annoying error message like the OP.

twistedpixel commented May 10, 2017

Are you sure? Might be worth it to check all your domains on https://crt.sh to be sure you aren't affected by the haywire daily renewal as you may not have noticed it yet. If any of your domains have an entry for basically every day, you will likely hit the rate limit at some point (unless your certificate renewal dates for your behaving domains are nicely staggered!)

Member

rkosolapov commented May 11, 2017

Hello. We are working on it.

elonmir commented May 15, 2017

Is there an ETA for the fix? That problem is really annoying.

Member

xgin commented May 18, 2017

Fixed in the extension version 2.1.0

@xgin xgin closed this May 18, 2017

elonmir commented May 18, 2017

Nope, error still occurs after update. Tested with direct update, even removed plugin and reinstalled it.

twistedpixel commented May 18, 2017

@elonmir what error are you getting on renewal? Still the "no name" one?

elonmir commented May 18, 2017

[2017-05-18 15:37:44] ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Error occured while sending feedback. HTTP code returned: 502
Could not find any domain to install.
Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
PHP Warning: Invalid argument supplied for foreach(); File: /opt/psa/admin/plib/modules/letsencrypt/library/Helper/Cli.php, Line: 41

Error occured while sending feedback. HTTP code returned: 502
Could not find any domain to install.

exit status 1

Member

xgin commented May 18, 2017

@elonmir, cli.php seems to be executed instead of renew.php
Please make sure you run the correct script

elonmir commented May 18, 2017

The renew script instantly stops without further error notifications, same happens via the GUI.

Member

xgin commented May 18, 2017

Probably it works in case you don't see any error.
Improve verbosity with /usr/local/psa/admin/conf/panel.ini

[log]
filter.priority = 7

and run the renew

# plesk bin extension --exec letsencrypt renew.php
...
[2017-05-18 17:08:32] DEBUG [extension/letsencrypt] Skip renew <domain>: too early for expiration date 2017-08-12

For example I see a lot of messages like this, and that's ok.

If you experience any problems, you'd better ask our support.

didiandalucia commented Jun 18, 2017

If you have problems, please check the domain names! I think it can be a problem when, for example, the domain or subdomain was added via Plesk with capital letters, e.g. ABC....Z and not abc....z! I see in Plesk that a customer has added subdomains as, for example, Hallo.mydomain.com and not hallo.mydomain.com. Then the cronjob will renew for Hallo.mydomain.com, but a new certificate possibly exists for hallo.mydomain.com! And then the batch job will renew again every time and never come to an end!

So either way, Plesk must check in their hosting panel that clients can't add a domain with capital letters, only with lowercase letters! Domains are normally always written in lowercase letters, but a user can use lowercase or capital letters in the browser!

It may be that, once the domain names are corrected, Let's Encrypt is blocked for a while - I don't know!

vvolodko commented Jun 29, 2017

The problem does exist and is caused by the case-sensitive certificate name lookup introduced in 2.0.0.

@xgin xgin reopened this Jun 29, 2017
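
An added example, not part of the thread and not the extension's code: a simplified Python model of the case-sensitive certificate name lookup described in the comments above, combined with the check suggested earlier for crt.sh results (many issuances for one name within 7 days). The function names, domain names and dates are constructed; the 30-day renewal threshold, the roughly 90-day lifetime and the limit of 5 per 7 days are the figures quoted in the thread, and the CA's own enforcement of the limit is not modelled.

```python
from datetime import date, timedelta

def normalize(name):
    """DNS names are case-insensitive: compare lowercased, without trailing dot."""
    return name.strip().rstrip(".").lower()

def nightly_runs(domains, store, start, nights, case_sensitive,
                 renew_before=30, lifetime=90):
    """Simplified model of a nightly renewal job (an assumption, not Plesk code).

    store maps certificate name -> expiry date and is updated in place under
    the lowercase name. Returns the issuance log as [(date, name), ...].
    """
    issued = []
    for n in range(nights):
        today = start + timedelta(days=n)
        for dom in domains:
            key = dom if case_sensitive else normalize(dom)
            expiry = store.get(key)  # a miss looks like "no certificate yet"
            if expiry is not None and (expiry - today).days > renew_before:
                continue             # too early for the expiration date
            store[normalize(dom)] = today + timedelta(days=lifetime)
            issued.append((today, normalize(dom)))
    return issued

def runaway_names(issued, limit=5, window_days=7):
    """Flag names whose issuance count in any sliding window reaches `limit`.

    `issued` has the shape of a CT search result reduced to (date, name).
    The default of 5 per 7 days is the limit quoted in the thread.
    """
    by_name = {}
    for day, name in issued:
        by_name.setdefault(normalize(name), []).append(day)
    flagged = {}
    for name, days in by_name.items():
        days.sort()
        lo = worst = 0
        for hi, day in enumerate(days):
            while (day - days[lo]).days >= window_days:
                lo += 1
            worst = max(worst, hi - lo + 1)
        if worst >= limit:
            flagged[name] = worst
    return flagged

# Constructed sample data: two hosted names, one entered in mixed case.
DOMAINS = ["Hallo.mydomain.com", "shop.mydomain.com"]
STORE = {"hallo.mydomain.com": date(2017, 5, 30),
         "shop.mydomain.com": date(2017, 5, 30)}
START = date(2017, 5, 1)

if __name__ == "__main__":
    for label, cs in (("case-sensitive", True), ("normalized", False)):
        log = nightly_runs(DOMAINS, dict(STORE), START, 10, case_sensitive=cs)
        print(label, len(log), "issuances; flagged:", runaway_names(log))
```

In the model, the mixed-case name is reissued on every run because the lookup never finds the certificate stored under the lowercase name, while the normalized lookup renews each name once and then skips it.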

Member

xgin commented Jul 13, 2017

The issue with MixedCaseDomains was fixed in 2.2.1

@xgin xgin closed this Jul 13, 2017
