Applicable to:
- Plesk 12.5
- Plesk Onyx
Symptoms
- Unable to issue Let's Encrypt certificate for securing Plesk page:
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed. Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/JwiJ1oPnjy-8ahXSzgbObDNjn9CrcIjzs87_H_7wEz8. Details:Type: urn:acme:error:unauthorized Status: 403. Detail: Invalid response from http://example.com/.well-known/acme-challenge/BjH29Kw9Ttp5bV1QV2kCFpAsGWEfONGUu4iY3bR_GqM:
- Plesk server hostname is some-subdomain.example.com. In the same time there is domain example.com with wildcard subdomain *.example.com.
Cause
It is a bug in the Let's Encrypt with ID EXTLETSENC-383 . The fix is planned to be included in one the next updates of the extension.
Resolution
The only workaround is to disable wildcard subdomain *.example.com for the time of issuing certificate for Plesk, however this will break panel certificate future renewal.
To disable wildcard subdomain:
- Login to Plesk as admin user.
- Go to Domains > *.example.com > Disable.
Comments
6 comments
After a year and still this isn't resolved.
Lets Encrypt does support wildcard SSL
Hi @David Roussel,
I recommend installing wildcard SSL certificate for example.com and then setting this certificate as the one for securing Plesk instead of trying to issue another one just for any-sub-domain.example.com. See the following article on how to create a wildcard Let's Encrypt certificate with Plesk:
https://support.plesk.com/hc/en-us/articles/115000490174-How-to-install-wildcard-certificates-with-Let-s-Encrypt-
Hi,
Is the Letsencrypt bug solved? Is there a way to keep en eye on it?
Hello Nicola Urbinati
Currently, this bug is unresolved.
Follow this article to receive an update over email:
Done, thank you.
You can also disable the http to https redirect and issue a certificate afterwards. After you got a certificate you can enable the redirect again.
Please sign in to leave a comment.