Symptoms
-
Domain
example.com
was secured with Let's Encrypt on Plesk server. -
Domain
example.com
was removed from the server at Domains > example.com > Remove. -
Let's Encrypt notifications about the removed domain are still being sent to a customer's email which was specified during SSL certificate request.
Cause
This is Let's Encrypt bug with ID EXTLETSENC-643, which is planned to be fixed in future updates.
Directory /usr/local/psa/var/modules/sslit/etc/live/example.com/
exists on the server or/and the certificate is presented in the database:
# plesk db "SELECT * FROM certificates WHERE name LIKE '%example.com%'"
Resolution
According to Let's Encrypt documentation, each email should contain an 'unsubscribe' link. In case of expiry notifications for one domain, use such links to unsubscribe. In other cases:
-
Move or delete the
/usr/local/psa/var/modules/sslit/etc/live/example.com/
directory:# mv /usr/local/psa/var/modules/sslit/etc/live/example.com/ ~/
-
Move or delete files mentioning the removed domain from the
./orders
folder# for i in $(grep -irl "example.com" /usr/local/psa/var/modules/sslit/orders/); do mv $i ~/; done
Note: Notifications are sent with a 1-day delay, therefore the last one may be received after applying the solution.
-
If the record in the database exists remove it as well:
# plesk db "DELETE FROM certificates WHERE name='certificate_name'"
Note: Specify the full certificate name in bold (e.g. Let's Encrypt example.com).