Articles in this section

See more

Unable to issue a Let's Encrypt certificate: The token file is either unreadable or does not have the read permission

Avatar
Julian Bonpland Mignaquy
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Installation of a Let's Encrypt certificate fails with one of the following error message in Plesk UI:

    PLESK_ERROR: The authorization token is not available at http://example.com/.well-known/acme-challenge/Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM.
    The token file 'С:\Inetpub\vhosts\example.com\.well-known\acme-challenge\Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM' is either unreadable or does not have the read permission.

    PLESK_ERROR: Detail: Fetching https:/example.com/.well-known/acme-challenge/zQgf775Mm4z72VrrSybdlS725tk1IuSTrrwBaEoqzOg: **Error getting validation data

    PLESK_ERROR: Could not issue an SSL/TLS certificate for example.com
    Details
    Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/1708718328.
    Details:
    Type: urn:ietf:params:acme:error:connection
    Status: 400
    Detail: Fetching https://www.example.com/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIw: Timeout during connect (likely firewall problem)

  • Domains > example.com > Hosting Settings > Permanent SEO-safe 301 redirect from HTTP to HTTPS is enabled.

Cause

Rewrite rules to HTTPS prevent the issuing of a Let's Encrypt certificate.

Resolution

  1. Log into Plesk.

  2. Go to Domains > example.com > File Manager and remove .well-known directory.

  3. Temporary disable the option Permanent SEO-safe 301 redirect from HTTP to HTTPS at Domains > example.com > Hosting Settings:

  4. Disable custom redirect rules:

    for Linux:
    • Rename .htaccess file into .htaccess.orig: Open Domains > example.com > File Manager > Click next to the .htaccess file > click Rename.
    for Windows:

    • Temporary disable the option Require SSL/TLS at Domains > example.com > IIS Settings:

    • Rename web.config file into web.config.orig: Open Domains > example.com > File Manager > Click next to the web.config file > click Rename.

    • Connect to the server via RDP and disable all HTTP<->HTTPS rules in IIS Manager at Server > Sites > example.com > URL Rewrite:

  5. Install a Let's Encrypt certificate at Domains > example.com > SSL/TLS Certificates.

Additional Information

Failed to issue a Let's Encrypt certificate: 404 Not Found.

Comments

10 comments

Sort by Date Votes
  • Avatar
    Glenn

    Does anyone actually monitor these pages anymore?

     

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    Hi Glenn, as I can see the issue was addressed in the ticket.

    We updating the articles on the regular basis, for the issue investigation it is better to create a ticket to our support department

    -1
    Comment actions Permalink
  • Avatar
    peterbo (Edited )

    This is not a resolution or a fix - this is an emergency workaround. When will this be fixed again? This problem seems to have come up with version 18.0.27 or some version of the Lets Encrypt extension. I can't do this for 200+ Domains. What is the status of EXTLETSENC-769?

    4
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello peterbo

    See, the comment in https://support.plesk.com/hc/en-us/articles/115003199234

    0
    Comment actions Permalink
  • Avatar
    soufianejayden

    hello i have also this issue when i install certificate

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for newchoice.ga.

    One of the Let's Encrypt rate limits has been exceeded for newchoice.ga.
    See the related Knowledge Base article for details.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    0
    Comment actions Permalink
  • Avatar
    Marc Serra

    Ivan Postnikov I'm agree with peterbo: this is not a resolution or a fix - this is an emergency workaround

    Your link does not solve the problem.

    We are a couple of plesk user affected, look: https://community.letsencrypt.org/t/suddenly-timeout-during-connect-likely-firewall-problem-for-www-subdomain/176267/24

    2
    Comment actions Permalink
  • Avatar
    El seu domini

    Totally agree.

    If you have a large number of domains, this emergency workaround is an important time waste.

    1
    Comment actions Permalink
  • Avatar
    FEJIDIF

    Another affected user here.

    Please, we need a definitive solution. This workaround is too much work for several domains.

    1
    Comment actions Permalink
  • Avatar
    Marc Serra

    To plesk developers: is there a way to find quickly all not secured www subdomains? meanwhile there not exist a final solution, could help to make our life easier

    1
    Comment actions Permalink
  • Avatar
    Marc Serra

    FYI: I was able to fix the last two errors renewing www subdomains only doing this steps:

    1. renaming .htaccess to .htaccess_tmp
    2. renew base domain and www subdomain as usual
    3. renaming .htaccess_tmp to .htaccess

    Finally, I must insist... all the affected domains can auto renew certificates automatically for several months. No changes on .htaccess files in this time.

    1
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles