Articles in this section

See more

Unable to install Let's Encrypt SSL on a domain with multiple IPs: 403 Invalid response from

Avatar
Yulia Plokhotnikova
Updated
Follow

Applicable to:

  • Plesk for Linux

Symptoms

Unable to install Let's Encrypt SSL on a domain:

CONFIG_TEXT: Could not issue a Let's Encrypt SSL/TLS certificate for example.com
The authorization token is not available at http://example.com/.well-known/acme-challenge/-Xg1yPQvccyqLwJd1WzlHiTqWij6tN2qec9vmHPI450.
To resolve the issue, make it is possible to download the token file via the above URL.
See the related Knowledge Base article for details. Additional error details: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/XPcIHB-ABEXNMrIabJgDysQ8G8nSA5cPOPl-TkDfjpM.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/-Xg1yPQvccyqLwJd1WzlHiTqWij6tN2qec9vmHPI450: "404 Not Found

Domain resolves globally to several IPs:

# dig +short example.com
203.0.113.2
203.0.113.3
203.0.113.4
203.0.113.5

Only 1 IP is listed in apache's configuration for a domain on a Plesk server:

# grep '<VirtualHost'  /var/www/vhosts/system/example.com/conf/httpd.conf
<VirtualHost 203.0.113.2:443 >
<VirtualHost 203.0.113.2:80 >

Domain example.com does not work: it shows Default Webserver Page

Cause

Let's Encrypt does not support such a configuration: it requires domain be accessible on a certain IP only.

Resolution

This configuration is not supported in Plesk and Let's Encrypt.

As a one-time workaround, specify all IPs in domain's apache configuration so that SSL can be installed:

1. Connect to the server using SSH

2. Create a backup of the current configuration:

# cp /var/www/vhosts/system/example.com/conf/httpd.conf /var/www/vhosts/system/example.com/conf/httpd.conf_backup

3. Open the file in a text editor:

# vi /var/www/vhosts/system/example.com/conf/httpd.conf

4. Copy all <VirtualHost> sections for all IPs that domain resolve to:

CONFIG_TEXT: <VirtualHost 203.0.113.2:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.2:80 >
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.3:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.3:80 >
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.4:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.4:80 >
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.5:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.5:80 >
ServerName...
....
</VirtualHost>

5. Install SSL in Domains > example.com > Let's Encrypt

6. Revert changes in configuration back (they will be rewritten anyway after installing updates):

# mv /var/www/vhosts/system/example.com/conf/httpd.conf_backup /var/www/vhosts/system/example.com/conf/httpd.conf

 

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles