- Plesk for Linux
- Plesk for Windows
Installation of a Let's Encrypt certificate fails with one of the following error message in Plesk UI:
PLESK_ERROR: The authorization token is not available at http://example.com/.well-known/acme-challenge/Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM.
The token file 'С:\Inetpub\vhosts\example.com\.well-known\acme-challenge\Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM' is either unreadable or does not have the read permission.
PLESK_ERROR: Detail: Fetching https:/example.com/.well-known/acme-challenge/zQgf775Mm4z72VrrSybdlS725tk1IuSTrrwBaEoqzOg: Error getting validation data
.htmlfile located in the directory mentioned in the error, e.g
С:\Inetpub\vhosts\example.com\.well-known\acme-challenge, is not accessible from the Internet with the following error message in a browser:
PLESK_INFO: HTTP Error 403.14 - Forbidden
The page you are trying to access is secured with Secure Sockets Layer (SSL).
The following warning can be found at Plesk > Domains > example.com > Logs:
PLESK_INFO: WARN [extension/letsencrypt] Cannot check the token file is readable by others
Rewrite rules to HTTPS that are enabled in domain settings prevent the challenge from happening. Issuance of a Let's Encrypt certificate works only via HTTP.
Go to Domains > example.com > File Manager and remove
Temporary disable the option Permanent SEO-safe 301 redirect from HTTP to HTTPS at Domains > example.com > Hosting Settings:
Disable custom redirect rules:
.htaccess.orig: Open Domains > example.com > File Manager > Click next to the
.htaccessfile > click Rename.
Temporary disable the option Require SSL/TLS at Domains > example.com > IIS Settings:
web.config.orig: Open Domains > example.com > File Manager > Click next to the
web.configfile > click Rename.
Connect to the server via RDP and disable all HTTP<->HTTPS rules in IIS Manager at Server > Sites > example.com > URL Rewrite:
Install a Let's Encrypt certificate at Domains > example.com > Let's Encrypt.