Applicable to:
- Plesk Onyx for Linux
Symptoms
-
Unable to install Let's Encrypt certificate either for a domain example.com in Domains > example.com > Let's Encrypt or for securing Plesk in Tools & Settings > SSL/TLS Certificates > Let's Encrypt, with one of the following error messages:
PLESK_ERROR: Detail: Fetching http://example.com/.well-known/acme-challenge/do75fK79n_uF9JimlezVpQQQfmvHaOVd7T8cjZKVvWk: Timeout during connect (likely firewall problem)
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Details:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/dlJ9iUsYRM51xlzLkS8KpRJYccRh1yKRUJEPgLMoRFc.
Details:
Type: urn:acme:error:connection
Status: 400
Details: Fetching https://example.com:8443/.well-known/acme-challenge/44DVtYx2WBKaujKCYO7tOxZ4nS2-m_-Ci5dLoQw0X34 Error getting validation data -
Port 80 is shown as
filtered(the below command should be executed on an external PC or server, not on the Plesk server):# nmap -p 80 example.com
PORT STATE SERVICE
80/tcp filtered httpOr IPv6:
# nmap -6 -Pn -p80 example.com
PORT STATE SERVICE
80/tcp filtered http -
The domain
example.comresolves to the IP address of the Plesk server:# dig +short example.com
203.0.113.2Or IPv6:
# dig +short -t AAAA example.com
2001:db8:f61:a1ff:0:0:0:80 -
The domain example.com is hosted on the same Plesk server, and only IPv4 address is assigned to it in Domains > example.com > Web Hosting Access.
-
The following error might be shown when accessing http://example.com in the browser:
CONFIG_TEXT: This site can’t be reached
ERR_CONNECTION_TIMED_OUT
Cause
Port 80 is filtered by a firewall.
Resolution
Note: If domain example.com resolves to IPv4 and IPv6, HTTP and HTTPS traffic must be allowed to both networks.
- If the firewall is configured on the Plesk server, open the port 80 for incoming connections as described in the article What ports need to be opened for all Plesk Services to work with a firewall
- If Plesk is installed on a public cloud service, follow the instructions to open port 80: for Amazon EC2, for Amazon Lightsail, for Google Cloud, for Microsoft Azure, for Alibaba Cloud.
- If some intermediate firewall/router is configured between the Plesk server and an external network, port 80 should be opened on it as well.
Additional Information
What ports need to be opened for all Plesk Services to work with a firewall
Comments
4 comments
I'm getting this error even though the port is showing as open and all other domains on the same machine can renew their certificate
Hello @Richard,
In this case, the most probable cause of such behavior is 301/302 redirect configured for this website.
Please, try this:
If 301 redirect is enabled:
Go to Domains > example.com > Hosting Settings and perform the following steps:
Set Preferred domain to none.
Uncheck the option Permanent SEO-safe 301 redirect from HTTP to HTTPS.
If 302 redirect is enabled:
Go to Domains > example.com > Hosting Settings and perform the following steps:
Turn off domain forwarding by changing Hosting type to Hosting.
In case this does not help, inspect website code and website configuration for hardcoded redirects.
301 and 302 redirects are off. I even tried creating a new subscription to ensure no extra code was creating errors with the redirect.
Hello @Ricard,
Please contact Plesk technical support for assistance:
https://support.plesk.com/hc/en-us/requests/new
Please sign in to leave a comment.