Articles in this section

See more

Unable to renew Let's Encrypt certificate in Plesk: 403 Forbidden

Avatar
Danil Dmitrienko
Updated
Follow
Plesk Onyx for Linux Plesk Onyx for Windows kb: technical ext: le

Applicable to:

  • Plesk Onyx for Linux
  • Plesk Onyx for Windows

Symptoms

  • Let's Encrypt certificates fails to be issues or auto-renewed with the following error in Plesk UI

    PLESK_ERROR: Status: 403
    Detail:
    <head><title>403 Forbidden</title></head>
    <body bgcolor="white">
    <center><h1>403 Forbidden</h1></center>
    <hr><center>"

    PLESK_ERROR: Details:
    Type: urn:acme:error:unauthorized
    Status: 403
    Detail: Invalid response from http://example.com/.well-known/acme-challenge/WTAKI-FRel8tZZKYyhM2UfzvM9TWk02r4fZ__cjuCkU:

  • Website shows "403 Forbidden" error.

  • The following entries appear in /var/www/vhosts/system/example.com/logs/proxy_error_log :

    CONFIG_TEXT: [error] 11940#0: *46281 access forbidden by rule, client: 203.0.113.2, server: example.com, request: "GET /.well-known/assetlinks.json HTTP/1.1", host: "example.com"

Cause

Communication between website and Let's Encrypt servers is prevented by restrictive web server settings.

Resolution

For Linux servers

  1. Log into Plesk.

  2. Open Domains > example.com > Apache & nginx Settings:

    • Temporary remove deny directives, for example, as below from Additional Apache directives and Additional Nginx directives.

      CONFIG_TEXT: location ~ /\. { deny all; }

    • Set Deny access to the site to Default under Common Apache settings:

For Windows servers

  1. Log into Plesk.

  2. Open Domains > example.com > IIS Settings;

  3. Set Deny access to the site to Default under Common settings:

Comments

2 comments

Sort by Date Votes
  • Avatar
    Fran Le Bouleix (Edited )

    I have that same issue but this solution was not helpful:

    proxy error.log shows

    2020-04-08 17:11:39 Error 192.88.134.12 1742#0: *1481446 access forbidden by rule

    But: Common Apache settings show:
    - no Deny rules
    - Deny Access to the site is already = Default

    I also tried

    disabling Proxy mode for the domain and adding this
    location ^~ /.well-known/ {}

    to the domain's Additional Nginx directives, but that did not help either

    I am still seeing the same error.

    FYI:

      Plesk Onyx
    Version 17.8.11 Update #88, last updated on June 30, 2020

    LetsEncrypt Version: 2.10.2-633

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hello Fran Le Bouleix there is likely some other root cause. Please create a ticket to check the issue.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles