- Plesk for Linux
- Unable to install Let's Encrypt SSL with "404 not found", "Timeout", "Could not connect" or "400" errors:
<title>404 Not Found</title>
PLESK_ERROR: Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://example.com/.well-known/acme-challenge/IvIvh2SslhaJRq_pHcxngfqUb7VF9zFW-BSEiJ5QVNY: Timeout
Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Could not connect to example.com
PLESK_ERROR: Failed to resolve the challenge for webmail.example.com.
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/yfjRVZKxC9CqoB8Sr3voY7VXFY4uoAZLk7XtvFwxUIo.
Detail: Invalid response from http://webmail.example.com/.well-known/acme-challenge/RGEvp1qd8_wT_rkPUh8bH4NLIfB9XmxhBC1HG6jlRYI: "404 Not Found"
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Kb4TcWkuXujCZcarL9wzymSuOXyDDOIS8VVdooRvc1M.
Detail: Fetching http://www.example1.com.well-known/acme-challenge/VJcsye7xXLRGh9yNsxlMXqW26b0ylkxrTVQLyZ0Sfjk: Error getting validation data
- Global DNS contains AAAA record for IPv6, but in Plesk domain is assigned to ipv4 only in Domains > example.com > Web Hosting Access:
# dig @example example.tld AAAA
example.com 86400 IN AAAA 2001:db8:f61:a1ff:0:0:0:80
- Domain resolves to a non-Plesk IP globally or it does not list A record from name server globally:
# dig @example example.tld
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> @example -t any example.tld
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8586
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.com. IN ANY
;; Query time: 97 msec
;; SERVER: 200.212.001.001#53(200.212.001.01)
;; WHEN: Fri Jun 2 02:56:09 2017
;; MSG SIZE rcvd: 36
- Domain has A record for www.example.com but not for example.com
Incorrect DNS configuration for a domain.
- Modify domain's DNS on a registrar side so that domain resolves to Plesk IP globally;
- If A record is not returned by one of the name servers, change DNS so that both name servers return A record globally;
- If global DNS contain AAAA record, add IPv6 address in Home > Domains > example.tld > Web Hosting Access > IPv6 Address or remove AAAA record from a global DNS for a domain;
- Add A record for the domain, without www prefix.
- If the issue persists, visit Let's encrypt installation fails with 'Challenge marked as invalid' error.
Note: If IP address was updated recently, wait until proper SPF record will be propagated.