- Plesk Onyx for Linux
- Plesk Onyx for Windows
Warning: Firstly, update the extension to the latest version according to How to update Plesk extensions. If there are no menus like Tools & Settings in Plesk installation, contact server's administrator or hosting provider's support for help, this means that account access is limited.
The article provides troubleshooting steps for errors that may be shown during Let's Encrypt certificate installation using Plesk Let's Encrypt extension. Errors may be different, here is an example:
PLESK_ERROR: Challenge marked as invalid
PLESK_ERROR: Error: Unable to obtain Let's Encrypt SSL certificate because of failed challenge for domain "example.com"
PLESK_ERROR: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/ExvXWHAk9uY6wdWH4MGO5s3Nul_DqwymszAC44RM33A.
The following things should be checked in order to get an SSL certificate installed:
Note: Let's Encrypt gives only 6 attempts to obtain a certificate in a week for a certain domain.
- Make sure that the domain is accessible through the internet.
- Make sure that the domain name resolves into the IP address which is set for the domain in Plesk hosting. Apache and IIS virtual hosts are created to strictly match the hostname and IP address. If a request for a domain comes to an IP address other than the one specified in the virtual host configuration, Let's Encrypt is unable to verify the website and give a certificate.
To find out the IP address the virtual host uses, check hosting settings of the domain at Domains > example.com > Web Hosting Access. Then compare this IP address with the IP address the domain resolves into using any 3rd-party service like http://get-site-ip.com
If a mismatch is found, change the DNS records or reassign the domain to correct the IP address. Contact hosting provider's or domain registrar's support if required.
- Domain should have a DNS A record for the main name, without www prefix in Plesk > Domains > example.com > DNS Settings
- If the server contains custom rewrite rules, disable them by renaming
web.config. Also, remove custom rewrite rules from Plesk > Domains > example.com > Apache & nginx settings.
- Temporarily move/rename website's index page if it contains special redirect code.
- If IPv6 is not enabled for the domain, make sure that there is no IPv6 DNS record in Plesk > Domains > example.com > DNS Settings. Remove the record or assign an IPv6 address.
- Make sure that the Run the website in compatibility mode for the legacy option "Separate SSL/TLS and non-SSL/TLS content Plesk > Domains > example.com > DNS Settings option is not enabled in Plesk > Tools & Settings > Domains > example.com > Hosting Settings
- Try to obtain a certificate. In case of success, revert all the required changes back, if required.
httpdocs/.well-known/directory if exists at Plesk - Domains > example.com > File Manager as it may have incorrect permissions.
- Restore default Plesk templates if they were customized.