- Attempt to renew a Let's Encrypt certificate for example.com fails with the following error:
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
The authorization token is not available at https://example.com/.well-known/acme-challenge/_PyrEDyxR19o6h7cIE_n7p_QCmRzCQ7KGzKeQg0nMXI.
The token file 'C:\Inetpub\vhosts\example.com\httpdocs\exp\.well-known\acme-challenge_PyrEDyxR19o6h7cIE_n7p_QCmRzCQ7KGzKeQg0nMXI' is either unreadable or does not have the read permission.
To resolve the issue, correct the permissions on the token file to make it is possible to download it via the above URL.
See the related Knowledge Base article for details.
- The option Permanent SEO-safe 301 redirect from HTTP to HTTPS is enabled in Domains > example.com > Hosting Settings
Redirect is enabled.
Issuing certificate is possible only after passing the challenge.
Challenge works only via HTTP and no redirection should be enabled.
Therefore, it is required to disable redirect temporarily:
Disable option Permanent SEO-safe 301 redirect from HTTP to HTTPS in Plesk > Domains > example.com > Hosting Settings
Renew the certificate: Domains > example.com > Let's Encrypt > Renew
Enable Permanent SEO-safe 301 redirect from HTTP to HTTPS