[HUB] Unable to install Let's Encrypt certificate: Challenge marked as invalid

Created:

2017-05-26 11:55:47 UTC

Modified:

2017-06-24 14:23:19 UTC

1

Was this article helpful?


Have more questions?

Submit a request

[HUB] Unable to install Let's Encrypt certificate: Challenge marked as invalid

Applicable to:

  • Plesk

Symptoms

Unable to install SSL certificate from Let's Encrypt extension. The following error is shown:

Challenge marked as invalid

Cause

Let's Encrypt cannot access its files placed in domain's directory.

Resolution

Let's Encrypt creates temporary files in the depths of the domain's document root in order to create a certificate and verify that you own this domain. The following things should be checked in order to get an SSL certificate installed:

Note: Let's Encrypt gives only 6 attempts to obtain a certificate in a week for a certain domain.

  1. Make sure that the domain name resolves to the same IP address on which the domain's hosting is set up in Plesk. Apache and IIS virtual hosts are created to strictly match the hostname and IP address and, if a request for a domain comes to an IP address other than the one specified in the virtual host configuration, Let's Encrypt will be unable to verify the website and give you a certificate.

    To find out the IP address the virtual host uses, check hosting settings of the domain ( Domains > example.com > Web Hosting Access. Then, compare this IP address with the IP address the domain resolves into. In addition, try verifying the DNS record against several DNS servers, including your own (see KB article #213912165 for more information on how to trace name resolution problems):

    C:\\>nslookup example.com
    Name: example.com
    Address: 203.0.113.2

    If a mismatch is found, change the DNS records or reassign the domain to correct the IP address.

  2. Make sure that the website is accessible by HTTP. Disable HTTPs redirect in Plesk > Domains > example.com > Hosting Settings.
  3. (Windows)Make sure that the option Require SSL is turned off in IIS > Server > Sites > example.com > SSL Settings.
  4. If the server contains custom rewrite rules, disable them by renaming .htaccess file or web.config.

  5. Remove custom rewrite rules from Plesk > Domains > example.com > Apache & nginx settings.
  6. Temporary move/rename website's index page if it contains special redirect code.
  7. Restore default Plesk templates if there were changes.
  8. Try to obtain a certificate and if succeed, revert all the required changes back.

If the issue persists, or during the troubleshooting, the error was encountered, please check for the following available articles or search the solution in Knowledge Base :

Related HUBs

Have more questions? Submit a request

1 Comments

Please sign in to leave a comment.