Unable to install a Let's Encrypt certificate for a domain in Plesk for Windows: 404 Not Found

Follow

Comments

8 comments

  • Avatar
    keith elman

    I got as far as step #4 and could not create a Let's Encrypt certificate - only the following error:

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for mydomain.com. Authorization for the domain failed.
    Details

    Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/X2cfjDA4SYwrReayLghRZR21jqN6Cs6dFb0zC6sHNWQ.
    Details:
    Type: urn:acme:error:tls
    Status: 400
    Detail: Fetching https://mydomain.com/.well-known/acme-challenge/9ll2APvcmH1uhKztKnZOx8RguxItvm7xy5ZvGgr48ME: local error: tls: no renegotiation
     
    The challenge above is present in the httpdocs\.well-known\acme-challenge (along with all the others) and is accessible from internet. 
     
    I've been working on this for the past 2 weeks but cannot resolve it.  It started out as a non-renewal of the cert but even after deleting it, all attempts at creating a new one have failed so any help is greatly appreciated.
    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @keith,

    Please, make sure that web access to domain folder httpdocs\.well-known\acme-challenge is not being blocked by domain configuration.

    For Windows server web.config configuration may be the cause, for Linux check additional directives and .htaccess files.

     

    Also, please, try this:

    If 301 redirect is enabled:

    Go to Domains > example.com > Hosting Settings and perform the following steps:

    • Set Preferred domain to none.

    • Uncheck the option Permanent SEO-safe 301 redirect from HTTP to HTTPS.

    • Issue a Let's Encrypt certificate in Domains > example.com > Let's Encrypt.

    If 302 redirect is enabled:

    Go to Domains > example.com > Hosting Settings and perform the following steps:

    •  Turn off domain forwarding by changing Hosting type to Hosting.

    • Issue a Let's Encrypt certificate in Domains > example.com > Let's Encrypt.
    0
    Comment actions Permalink
  • Avatar
    keith elman

    Changes to the 301 redirect option worked initially but when it came time to renew the cert again, Let's Encrypt would not renew so I tried these steps again but this time they didn't work!  There is no 302 redirect for this domain.  Plesk won't allow me to delete the cert (see error below).  I even tried deleting it in IIS 8 but on refreshing, it returned. Of course I disabled SSL on the domain before attempting to delete. Fresh out of ideas other than the drastic step of cloning the site to another webspace and starting all over.

    Unable to remove SSL/TLS certificates. One or more certificates are used by websites.

    0
    Comment actions Permalink
  • Avatar
    Alex Laforge

    This solution does not apply anymore in Plesk Obsidian, as Plesk does not use the /.well-kown/ files anymore !

    Instead, Plesk use a TXT record to the DNS Zone. That is useless, because we use another Name Server, and Plesk does not act as Name Server. How to have Plesk Obsidian Windows still using the good old reliable /.well-known/ method ?

    0
    Comment actions Permalink
  • Avatar
    Anzhelika Khapaknysh

    @Alex Laforge,

    As far as I see, you have already created a ticket for our Support Team and the issue is solved.

    0
    Comment actions Permalink
  • Avatar
    Alex Laforge

    Hi Anzhelika Khapaknysh,

    Yes, your technical support solved the situation. In fact, for those who come to this page, you must know that, to issue certificates, Let's Encrypt servers use two types of challenges:

    • HTTP-01 for issuing regular certificates - the token is checked at the URL http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>.
    • DNS-01 for issuing wildcard certificates - the token is checked in the DNS TXT record _acme-challenge.<YOUR_DOMAIN>.

    More information are available at this page https://letsencrypt.org/docs/challenge-types/

    I wish that this information wouldbe more clearly displayed inside Plesk, or on the SSL-related Plesk Documentation pages.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Alex,

    Glad to hear it's resolved and thank you for the feedback, I've forwarded it to the team in charge.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request