Applicable to:
- Plesk for Linux
Symptoms
Unable to install Let's Encrypt SSL on a domain:
CONFIG_TEXT: Could not issue a Let's Encrypt SSL/TLS certificate for example.com
The authorization token is not available at http://example.com/.well-known/acme-challenge/-Xg1yPQvccyqLwJd1WzlHiTqWij6tN2qec9vmHPI450.
To resolve the issue, make it is possible to download the token file via the above URL.
See the related Knowledge Base article for details. Additional error details: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/XPcIHB-ABEXNMrIabJgDysQ8G8nSA5cPOPl-TkDfjpM.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/-Xg1yPQvccyqLwJd1WzlHiTqWij6tN2qec9vmHPI450: "404 Not Found
Domain resolves globally to several IPs:
# dig +short example.com
203.0.113.2
203.0.113.3
203.0.113.4
203.0.113.5
Only 1 IP is listed in apache's configuration for a domain on a Plesk server:
# grep '<VirtualHost' /var/www/vhosts/system/example.com/conf/httpd.conf
<VirtualHost 203.0.113.2:443 >
<VirtualHost 203.0.113.2:80 >
Domain example.com does not work: it shows Default Webserver Page
Cause
Let's Encrypt does not support such a configuration: it requires domain be accessible on a certain IP only.
Resolution
This configuration is not supported in Plesk and Let's Encrypt.
As a one-time workaround, specify all IPs in domain's apache configuration so that SSL can be installed:
1. Connect to the server using SSH
2. Create a backup of the current configuration:
# cp /var/www/vhosts/system/example.com/conf/httpd.conf /var/www/vhosts/system/example.com/conf/httpd.conf_backup
3. Open the file in a text editor:
# vi /var/www/vhosts/system/example.com/conf/httpd.conf
4. Copy all <VirtualHost> sections for all IPs that domain resolve to:
CONFIG_TEXT: <VirtualHost 203.0.113.2:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.2:80 >
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.3:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.3:80 >
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.4:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.4:80 >
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.5:443>
ServerName...
....
</VirtualHost>
<VirtualHost 203.0.113.5:80 >
ServerName...
....
</VirtualHost>
5. Install SSL in Domains > example.com > Let's Encrypt
6. Revert changes in configuration back (they will be rewritten anyway after installing updates):
# mv /var/www/vhosts/system/example.com/conf/httpd.conf_backup /var/www/vhosts/system/example.com/conf/httpd.conf
Comments
0 comments
Please sign in to leave a comment.