Problem Description
- You receive an email notification indicating that you must renew your Let's Encrypt certificate, but this is supposed to be automatic
- You receive a certificate expiration notice email from expiry@letsencrypt.org
- You wish to manually renew or reissue your Let's Encrypt SSL certificate
Problem Resolution
Let's Encrypt certificates are issued on a 90-day basis and so they require renewal every 90 days. Although the Let's Encrypt SSL renewal process is automated with our control panel, Plesk, you may still receive renewal/expiry notices from Let's Encrypt. These notifications are automated by the Let's Encrypt organization (we do not control them). There are also many reasons why the certificate could fail to renew successfully, so if your notification explicitly states that the renewal was not successful, see below for info on how to resolve failures.
If you receive a Let's Encrypt expiry or renewal failure notice directly from Let's Encrypt, it's recommended to log in to Plesk to manually renew, just in case there's a problem with the automated renewal process.
Renewing or Reissuing a Let's Encrypt SSL Certificate
- Log into Plesk (click here to learn how)
- Navigate to the domain for which you received the notification
- Select the "SSL/TLS Certificates" button
- Select the "Renew" or "Reissue" button
That's it!
Tips:
- If, after successfully reissuing the certificate, you continue to receive expiration emails from Let's Encrypt then they're likely tied to the old certificate from prior to reissue. You can safely unsubscribe from them.
- If you get an error issuing the certificate after completing those steps, there are several potential reasons for this. Read about how to handle Let's Encrypt renewal failures here.
- If you would prefer a certificate that renews every year rather than 90 days, you can purchase a commercial certificate, but keep in mind that the renewal of commercial certs is similar to installing a new one, which is quite a bit more manual work than Let's Encrypt certificates are to renew.
- Watch out for domain changes: If you have made changes to a domain or subdomain that is included in a Let's Encrypt certificate, Plesk will generate a new certificate and the old one is simply left to expire, meaning you will still get notifications about the old one. You might not notice the difference because the differences between the old and new can be subtle, like adding a www or another subdomain. Examples:
- If the domain / subdomain / domain alias that has the error has been removed from Plesk and you're still getting these notifications, look for the unsubscribe option at the bottom of the emails and use it to unsubscribe.
- If you have moved your hosting to another provider, these notifications are legitimate as Plesk is unable to renew your certificate unless it is hosted with us. To stop the notifications you can either move the hosting back to us to continue using the certificate, or delete the SSL certificate from within Plesk. To delete the certificate follow steps 1 and 2 above, then choose the Advanced button, find the Let's Encrypt certificate in the list and remove it.
