Managing Let's Encrypt Settings

Plesk Let's Encrypt extension behavior is governed by a number of settings, for example:

  • How far in advance of the expiration date Let's Encrypt Certificates are renewed.
  • Whether the requests to the ACME server are recorded in the Plesk log or not.
  • The size of the RSA private key, and so on.

You can change these settings by specifying custom values in the [ext-letsencrypt] section of the panel.ini configuration file. For example, to have Let's Encrypt renew certificates 45 days in advance and to change the size of the RSA private key to 4096 bits, add the following section to the panel.ini file:

[ext-letsencrypt]
renew-before-expiration = 45
rsa-key-size = 4096

Let's Encrypt settings list

All Let's Encrypt extension settings that can be specified in panel.ini are described below:

| Setting | Type | Description | Default value |
|---|---|---|---|
| server | string | The ACME server directory URL. | https://acme-v01.api.letsencrypt.org/directory |
| rsa-key-size | integer | The size of the RSA private key, in bits. | 2048 |
| user-agent | string | The User-Agent HTTP header. | Plesk/$PRODUCT_VERSION |
| letsencrypt-url | string | The Let's Encrypt website URL. | https://letsencrypt.org/ |
| terms-url | string | The Let's Encrypt Policy and Legal Repository URL. | https://letsencrypt.org/repository/ |
| renew-before-expiration | integer | A number of days before expiration when the certificate is scheduled for auto-renewal. | 30 |
| config-dir | string | The path where certificates for third-party integration are stored. | $PRODUCT_ROOT/var/modules/letsencrypt/etc |
| verify | string | The path to the trusted CA Root Certificates bundle. | $PRODUCT_ROOT/admin/plib/modules/letsencrypt/resources/ca/cacert.pem |
| disable-cleanup | boolean | Disable the cleanup of token files after a domain dispute is resolved. | false |
| log-requests | boolean | Log requests to the ACME server in the Plesk log. | false |
| secure-new-domain | boolean | Set the default state of the "Secure the domain with Let's Encrypt" checkbox shown when creating a new subscription, domain, or subdomain. | false |
| letsencrypt-docs-rate-limits-url | string | The URL to Let's Encrypt documentation about “Rate Limits”. The link is displayed in the extension's GUI error messages when Let's Encrypt rate limits have been exceeded. | https://letsencrypt.org/docs/rate-limits/ |
| check-availability-delay | integer | *The wait time in seconds between attempts to check if a domain is accessible via HTTP. | 5 |
| check-availability-max-attempts | integer | *The maximum number of attempts to check if a domain is accessible via HTTP. | 10 |
| check-availability-timeout | integer | *Timeout in seconds for checking if a domain is accessible via HTTP. If no response code is received within the time defined by check-availability-timeout, the domain is considered to be unavailable. | 5 |

Note: *The Let’s Encrypt extension checks if a domain is accessible via HTTP each time a new domain is secured, because domains can be unavailable for some time after they are created in Plesk. All settings starting with check-availability are applied during this check.

Note: If you have Let's Encrypt extension version 2.0.3 or earlier installed, update the extension to version 2.1 or later to change Let's Encrypt settings using the panel.ini configuration file.
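
The following is an added example, not code from Plesk or the extension: a small audit that overlays a panel.ini [ext-letsencrypt] section on the defaults from the table above and reports overrides worth reviewing (a smaller RSA key, a non-HTTPS or non-default ACME directory, a replaced CA bundle, token cleanup turned off). The function name, the 7-day renewal threshold, the accepted boolean spellings and the sample file are assumptions made for the example.

```python
import configparser
from urllib.parse import urlparse

# Defaults copied from the settings table on this page.
DEFAULTS = {
    "server": "https://acme-v01.api.letsencrypt.org/directory",
    "rsa-key-size": "2048",
    "renew-before-expiration": "30",
    "verify": "$PRODUCT_ROOT/admin/plib/modules/letsencrypt/resources/ca/cacert.pem",
    "disable-cleanup": "false",
}
MIN_RENEW_DAYS = 7  # assumed review threshold, not a Plesk value

def audit_letsencrypt(ini_text):
    """Return (effective settings, findings) for the [ext-letsencrypt] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    custom = dict(cp["ext-letsencrypt"]) if cp.has_section("ext-letsencrypt") else {}
    eff = {**DEFAULTS, **{k: v.strip().strip("\"'") for k, v in custom.items()}}
    findings = []
    def as_int(key):
        if eff[key].isdigit():
            return int(eff[key])
        findings.append(f"{key}: {eff[key]!r} is not a non-negative integer")
        return None
    bits, days = as_int("rsa-key-size"), as_int("renew-before-expiration")
    if bits is not None and bits < int(DEFAULTS["rsa-key-size"]):
        findings.append(f"rsa-key-size: {bits} is below the 2048-bit default")
    if days is not None and days < MIN_RENEW_DAYS:
        findings.append(f"renew-before-expiration: {days} days leaves little time to retry a failed renewal")
    if urlparse(eff["server"]).scheme != "https":
        findings.append("server: ACME directory URL is not HTTPS")
    elif eff["server"] != DEFAULTS["server"]:
        findings.append("server: non-default ACME directory, confirm it is intended")
    if eff["verify"] != DEFAULTS["verify"]:
        findings.append("verify: custom CA bundle, review which roots it trusts")
    if eff["disable-cleanup"].lower() in ("1", "true", "on", "yes"):  # assumed spellings
        findings.append("disable-cleanup: token files are left on disk")
    return eff, findings

# Constructed sample, not taken from a real server.
SAMPLE = """[ext-letsencrypt]
renew-before-expiration = 3
rsa-key-size = 1024
server = http://acme.example.test/directory
disable-cleanup = true
"""
if __name__ == "__main__":
    print("\n".join(audit_letsencrypt(SAMPLE)[1]))
```

The example section shown earlier on this page (45 days, 4096 bits) produces no findings.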

 
