The article provides steps for issues with installing SSL certificate from Let's Encrypt extension when either of the following errors are shown:
PLESK_ERROR: Challenge marked as invalid
PLESK_ERROR: Error: Unable to obtain Let's Encrypt SSL certificate because of failed challenge for domain "example.com"
PLESK_ERROR: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/ExvXWHAk9uY6wdWH4MGO5s3Nul_DqwymszAC44RM33A.
The following things should be checked in order to get an SSL certificate installed:
Note: Let's Encrypt gives only 6 attempts to obtain a certificate in a week for a certain domain.
Make sure that the domain name resolves into the IP address which is set for the domain in Plesk hosting. Apache and IIS virtual hosts are created to strictly match the hostname and IP address. If a request for a domain comes to an IP address other than the one specified in the virtual host configuration, Let's Encrypt is unable to verify the website and give a certificate.
To find out the IP address the virtual host uses, check hosting settings of the domain at Domains > example.com > Web Hosting Access. Then compare this IP address with the IP address the domain resolves into. In addition, try verifying the DNS record against several DNS servers, including your own (see KB article #213912165 for more information on how to trace name resolution problems):
C:\> nslookup example.comIf a mismatch is found, change the DNS records or reassign the domain to correct the IP address.
- Make sure that the website is accessible by HTTP. Disable HTTPs redirect in Plesk > Domains > example.com > Hosting Settings.
- For Windows: make sure that the option
Require SSLis turned off in IIS > Server > Sites > example.com > SSL Settings.
- Make sure that there are no problems with virtual hosts' configuration files using Webserver Configuration troubleshooter extension.
- Domain should have a DNS A record for the main name, without www prefix in Plesk > Domains > example.com > DNS Settings
If the server contains custom rewrite rules, disable them by renaming
web.config. Also, remove custom rewrite rules from Plesk > Domains > example.com > Apache & nginx settings.
- Temporarily move/rename website's index page if it contains special redirect code.
- Restore default Plesk templates if they were customized.
- If IPv6 is not enabled for the domain, make sure that there is no IPv6 DNS record in Plesk > Domains > example.com > DNS Settings. Remove the record or assign an IPv6 address.
- Make sure that the Run the website in compatibility mode for the legacy option "Separate SSL/TLS and non-SSL/TLS content Plesk > Domains > example.com > DNS Settings option is not enabled in Plesk > Tools & Settings > Domains > example.com > Hosting Settings
- Try to obtain a certificate. In case of success, revert all the required changes back, if required.
If the issue persists, check for the following articles in Knowledge Base :
- Unable to install Let's Encrypt SSL certificate on LiteSpeed web server: Invalid response: 502 Bad Gateway
- Error while installing Let's Encrypt certificate on Umbraco CMS: Could not connect to example.com
- Unable to install Let's Encrypt SSL Certificate for domain: Invalid response 503
#115001463089 [HUB] 502 Bad Gateway
#115001611805 [HUB] 504 Gateway Timeout
#115001745365 [HUB] 99: Cannot assign requested address and AH00072: make_sock: could not bind to address
#115001874705 [HUB] 403 Forbidden
#213415429 [HUB] Unable to login to Plesk
#115002107425 [HUB] 503 Service Unavailable