Extend CLI certificate command to allow updating certificate components (not just name)
I'm using my own bash script as a wrapper around acme.sh to generate Let's Encrypt certificates. Because I need things like "mail." subdomains which can only be verified by acme.sh when the domain is the IP default, the "mail." does not exist explicitly as a domain, just an A record. The wrapper script also has the option to copy the cert to Dovecot, Postfix and ProFTPD.
When I first create a certificate, I can use Plesk CLI "certificate" to add it to Plesk, then I must assign it - once - in the GUI. I had hoped / assumed that after that, I could update the Plesk cert every 2 months via CLI, when acme.sh auto-generates a new version of the cert.
The description of the --update option at https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/certificate-ssl-certificates.39009/ says "Updates an existing SSL/TLS certificate's parameters." I had hopefully assumed I could effectively swap in the new certificate components under the same name and that it would still be the assigned certificate.
Sadly, this does not work. I used a command like:
/usr/local/psa/bin/certificate --update "Lets Encrypt 40jahremomo.de" -domain 40jahremomo.de -key-file /root/.acme.sh/40jahremomo.de/40jahremomo.de.key -cert-file /root/.acme.sh/40jahremomo.de/40jahremomo.de.cer -cacert-file /root/.acme.sh/40jahremomo.de/ca.cer
This does not return an error code, but nor does it work. When Plesk then tries to reconfigure the webserver configuration I get messages like this:
TemplateException: AH00526: Syntax error on line 79 of /etc/apache2/plesk.conf.d/webmails/40jahremomo.dewebmail.conf:
SSLCertificateFile: file '/opt/psa/var/certificates/cert-kxZBX1' does not exist or is empty
file: /opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
TemplateException: nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-kxZBX1") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-kxZBX1','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
file: /opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
When I log in to Plesk it tells me about the problem and offers a text link to reconfigure all webserver configs. This works:
Web server configuration is successfully completed: New configuration files were created and applied to the web server.
The strange thing is that then the NEW certificates are in place!
So it really seems that not much is missing to get this proposed feature working. Without it I must number my certificates and reassign the new ones manually in the Plesk GUI - just what I didn't want; the mechanism should run fully automatically in the background.
In any case, the certificate command should not return "0" if I request an invalid operation.
Thanks!
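Added example, not part of the original request and not Plesk code: a POSIX shell check that a renewal wrapper could run after the certificate --update call instead of trusting its exit status. It scans web server config directories for certificate directives that point at missing or empty files, the condition reported in the errors quoted above. The function names and the sample tree are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample paths are constructed.

# find_broken_cert_refs DIR...
# Prints one line per Apache/nginx certificate directive whose target file is
# missing or empty. Exit status is 1 if any was found, 0 otherwise.
# Assumption: certificate paths contain no spaces.
find_broken_cert_refs() (
    tab=$(printf '\t')
    rc=0
    refs=$(find "$@" -type f -name '*.conf' -exec awk '
        { sub(/#.*/, "") }                  # drop comments
        {
            d = tolower($1)                 # Apache directives are case-insensitive
            if (d == "sslcertificatefile" || d == "sslcertificatekeyfile" ||
                d == "ssl_certificate" || d == "ssl_certificate_key") {
                p = $2
                gsub(/[";]/, "", p)         # strip quotes and the nginx ";"
                printf "%s\t%d\t%s\n", FILENAME, FNR, p
            }
        }' {} +)
    while IFS="$tab" read -r conf lineno path; do
        [ -n "$path" ] || continue
        if [ ! -s "$path" ]; then           # -s: file exists and is non-empty
            printf '%s:%s: %s does not exist or is empty\n' "$conf" "$lineno" "$path"
            rc=1
        fi
    done <<EOF
$refs
EOF
    exit "$rc"
)

# make_sample_tree DIR: constructed configs, one valid and one stale reference.
make_sample_tree() {
    mkdir -p "$1/conf/webmails" "$1/certs"
    echo 'constructed placeholder, not a real certificate' > "$1/certs/cert-good"
    printf 'SSLEngine on\nSSLCertificateFile "%s"\n' "$1/certs/cert-good" \
        > "$1/conf/good.conf"
    printf 'listen 443 ssl;\nssl_certificate %s;\n' "$1/certs/cert-stale" \
        > "$1/conf/webmails/stale.conf"
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_broken_cert_refs "$demo_dir/conf" || echo "stale certificate reference found: do not reload"
rm -rf "$demo_dir"
```

Run against the real config directories before any web server reload, and treat a non-zero status as a failed renewal even when the update command itself returned 0.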
Thank you for your input!
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG