Articles in this section

See more

Unable to issue a Let's Encrypt certificate: The token file is either unreadable or does not have the read permission

Avatar
Anzhelika Khapaknysh
Updated
Follow

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Installation of a Let's Encrypt certificate fails with one of the following error message in Plesk UI:

    PLESK_ERROR: The authorization token is not available at http://example.com/.well-known/acme-challenge/Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM.
    The token file 'С:\Inetpub\vhosts\example.com\.well-known\acme-challenge\Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM' is either unreadable or does not have the read permission.

    PLESK_ERROR: Detail: Fetching https:/example.com/.well-known/acme-challenge/zQgf775Mm4z72VrrSybdlS725tk1IuSTrrwBaEoqzOg: Error getting validation data

  • Optional symptoms:

    • A test .html file located in the directory mentioned in the error, e.g С:\Inetpub\vhosts\example.com\.well-known\acme-challenge, is not accessible from the Internet with the following error message in a browser:

      PLESK_INFO: HTTP Error 403.14 - Forbidden
      The page you are trying to access is secured with Secure Sockets Layer (SSL).

    • The following warning can be found at Plesk > Domains > example.com > Logs:

      PLESK_INFO: WARN [extension/letsencrypt] Cannot check the token file is readable by others

Cause

Rewrite rules to HTTPS that are enabled in domain settings prevent the challenge from happening. Issuance of a Let's Encrypt certificate works only via HTTP.

Resolution

  1. Log into Plesk.

  2. Go to Domains > example.com > File Manager and remove .well-known directory.

  3. Temporary disable the option Permanent SEO-safe 301 redirect from HTTP to HTTPS at Domains > example.com > Hosting Settings:

  4. Disable custom redirect rules:

    for Linux:

    • Rename .htaccess file into .htaccess.orig: Open Domains > example.com > File Manager > Click next to the .htaccess file > click Rename.

    for Windows:

    • Temporary disable the option Require SSL/TLS at Domains > example.com > IIS Settings:

    • Rename web.config file into web.config.orig: Open Domains > example.com > File Manager > Click next to the web.config file > click Rename.

    • Connect to the server via RDP and disable all HTTP<->HTTPS rules in IIS Manager at Server > Sites > example.com > URL Rewrite:

  5. Install a Let's Encrypt certificate at Domains > example.com > Let's Encrypt.

Additional Information

Failed to issue a Let's Encrypt certificate: 404 Not Found.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles