Let's Encrypt

2017-07-20 15:43:44
Plesk Version
12.5 and up

Let's Encrypt is a certificate authority (CA) that allows you to create a free SSL certificate for your domains. The Let's Encrypt extension for Plesk gives all Plesk users the power to get a free Let's Encrypt certificate with just a couple of clicks.

Features:

* Working out of the box, no setup or command line operations required
* Signing of SSL certificates for domains, subdomains, domain aliases, and webmail
* Automatic renewal of all certificates
* Securing the Plesk panel itself

System requirements:

* All supported Linux platforms
* Windows 2012 or later

Known limitations:

* If Plesk 12.5 is secured during the installation, the certificate will not be seen in the list of certificates on this Plesk instance. Nevertheless, Plesk Panel will be properly secured and the certificate will be updated on time.


# 2.2.2 (20 July 2017)

* [*] To prevent the Let's Encrypt extension from automatically securing Plesk Panel on installation, add the following setting in `panel.ini` before installing or updating the extension:

  ```
  [ext-letsencrypt]
  disable-panel-auto-securing = false
  ```

* [-] In certain cases, when installing or upgrading the extension, a valid certificate used for securing Plesk Panel was detected as insecure and replaced with a Let's Encrypt certificate. (EXTLETSENC-222)
* [-] Setting the `verify` option to `true` in the `panel.ini` config section for the Let's Encrypt extension resulted in an inability to connect to the Let's Encrypt CA servers. (EXTLETSENC-223)
* [-] The command line interface did not allow issuing certificates for domains with the `www` prefix. (EXTLETSENC-226)

# 2.2.1 (12 July 2017)

* [-] The extension incorrectly handled errors in communicating with Plesk Panel, which disrupted the functioning of the extension itself. Now it correctly handles such errors, shows an explanatory message and continues working when possible. (EXTLETSENC-221)

# 2.2.0 (11 July 2017)

* [!] This update contains changes affecting both the Let's Encrypt and Security Advisor extensions. Please also update Security Advisor to version 1.4.1 or later.
* [+] Plesk Panel can now be secured with a Let's Encrypt certificate. The corresponding setting is now available at the SSL/TLS Certificates page.
* [+] Upon installing or upgrading (either at Plesk installation or separately), the extension checks that a trusted certificate is used for Plesk Panel. If the extension detects a non-trusted (for example, self-signed) certificate, it automatically attempts to replace it with a trusted certificate from the Let's Encrypt CA. Thus, in most cases, a fresh installation of Plesk Panel is secured from the first login.
* [*] The extension now detects and renews Let's Encrypt certificates obtained with Security Advisor for securing Plesk Panel.
* [*] Renewing the Let's Encrypt certificates is now done at a random time within the day when the certificate is due for renewal. This helps spread the load on the Let's Encrypt Certificate Authority evenly and enables issuing more free certificates.
* [-] Cases when IPv6 was disabled for a subscription but an external DNS resolved the domain name to an IPv6 address were not detected. This resulted in failed attempts to create a certificate. Now Plesk correctly detects such cases and shows a message explaining the problem. (EXTLETSENC-182)
* [-] The extension was not able to renew certificates issued before updating the extension to version 2.0 for domain names with uppercase letters. (EXTLETSENC-211)
* [-] The subscription's certificate README file was missing a link to the Certbot documentation. (EXTLETSENC-166)
* [-] A failed certificate installation led to exhausting the Let's Encrypt rate limits for a domain, which resulted in an inability to renew the certificate. (EXTLETSENC-198)
* [-] On Windows servers, renewing the certificate for `webmail.<domain.tld>` failed. (EXTLETSENC-164)

# 2.1.0 (18 May 2017)

* [+] It is possible to include webmail in the Let's Encrypt certificate request and secure both the domain and webmail with this certificate.
* [*] Let's Encrypt custom settings can be configured via the `panel.ini` file.
* [-] After a certificate for a subdomain had been issued, it was impossible to renew the certificate for the parent domain. (EXTLETSENC-105)

# 2.0.3 (13 April 2017)

* [*] The extension now logs its communication with the Let's Encrypt servers in the "panel.log". This enables better troubleshooting when there are issues with requesting a certificate.

# 2.0.2 (06 April 2017)

* [*] Before requesting a certificate for multiple domain names, the extension verifies the ownership of each domain name included in the request. If a domain name passes the verification but its "www" counterpart fails it, the latter is excluded from the certificate signing request. After verification is finished, a warning message listing the excluded domain names is displayed.
* [*] For each secured domain, the extension creates a symbolic link to the certificate. When the extension renews the certificate, it updates the link, so that the link always points to the latest certificate.
* [-] On Windows 2012 and Windows 2016 servers, renewed certificates were not added to IIS.

# 2.0.1 (28 March 2017)

* [-] Let's Encrypt certificates could not be issued if no list of trusted root CAs could be found on the server. (EXTLETSENC-82)

# 2.0.0 (27 March 2017)

* [+] Domain aliases support added
* [+] IDN domains support
* [*] Granular and reliable renewal process: the extension now performs a daily check for certificates which are about to expire and renews them not earlier than 30 days before their expiration
* [*] Replaced Python-based certbot with PHP-based client
* [-] Fixed installation issues with Python dependencies when a third-party upgrade breaks compatibility
* [-] Fixed Python-related issues (virtualenv and so on) on Windows

# 1.9 (8 October 2016)

* [+] Ubuntu 16 support added
* [-] Fixed dist-upgrade issue on Debian/Ubuntu OSes

# 1.8 (15 September 2016)

* [*] Upgrade on Windows recreates virtualenv
* [-] Fixed issues after upgrading Plesk to Onyx

# 1.7 (26 August 2016)

* [-] ConnectionError on Windows 2012 (issue #103)
* [*] Update certificate with new API in Onyx
* [*] Use certbot packages instead of letsencrypt
* [+] Update subscriber agreement
* [+] Hide disabled webspaces from the domains list

# 1.6 (6 June 2016)

* [*] Switch from system Python to plesk-py27 on all Unix OSes (issues #59, #68, #70)

# 1.5 (4 March 2016)

* [+] Windows support (2012 and above, Plesk 12.5 MU#24 is required)
* [+] Translation added (ar, cs-CZ, da-DK, de-DE, el-GR, es-ES, fi-FI, fr-FR, he-IL, hu-HU, id-ID, it-IT, ja-JP, ko-KR, ms-MY, nb-NO, nl-NL, pl-PL, pt-BR, pt-PT, ro-RO, ru-RU, sv-SE, th-TH, tl-PH, tr-TR, uk-UA, vi-VN, zh-CN, zh-TW)
* [-] Always put .htaccess in the challenges folder (issues #63 and #82)

# 1.4 (19 February 2016)

* [-] Fixed certificates renew task broken in 1.3 (issue #77)

# 1.3 (15 February 2016)

* [+] Debian 6 is now supported
* [+] Extension now ignores unsupported domains:
  * Inactive (disabled/suspended) domains
  * Wildcard subdomains
  * Domains without web hosting
  * IDN domains
* [+] Users can now secure Plesk with www. prefix in hostname (issue #11)
* [+] Store CLI options for certificate renewal (issue #46)
* [+] Disable rewrite rules and satisfy authentication (with `.htaccess` file) in challenges directory (issues #13 and #16)
* [-] No more conflicts with alt-python-virtualenv on CloudLinux
* [-] Fixed PHP Warning: Invalid argument supplied for foreach
* [-] ExpatError in case Plesk port 8443 is customized (issue #30). Thanks to @MatrixCrawler
* [-] Disable HTTPS warnings: localhost is always trusted

# 1.2 (23 December 2015)

* [+] Ability to use the certificate for Plesk (issue #11)
* [+] CLI to use the certificate for Plesk: `--letsencrypt-plesk:plesk-secure-panel` (issue #11)
* [+] Add note about monthly certificate renewal
* [-] Fixed duplicate renew tasks if the original was changed

# 1.1 (14 December 2015)

* [+] Ability to include www.domain.tld as an alternative domain name (issue #4)
* [-] Save the previously used e-mail address (issue #17)

# 1.0 (4 December 2015)

* [*] Install binary dependencies from wheels (gcc is not required)
* [+] List of hosted domains and subdomains
* [+] Button under each domain on Websites&Domains
* [+] Submit e-mail and automatically install the certificate on the domain
* [+] Monthly task renews certificates issued by Let's Encrypt (according to the name of the certificate)
* [*] Retrieve info about hosted domains through Plesk API
* [+] Install certificates in Plesk
* [+] Treat www.domain.tld as an alias of domain.tld