Articles in this section

See more

Unable to issue a Let's Encrypt certificate: The token file is either unreadable or does not have the read permission

Avatar
Julian Bonpland Mignaquy
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ext: le

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Installation of a Let's Encrypt certificate fails with one of the following error message in Plesk UI:

    PLESK_ERROR: The authorization token is not available at http://example.com/.well-known/acme-challenge/Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM.
    The token file 'С:\Inetpub\vhosts\example.com\.well-known\acme-challenge\Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM' is either unreadable or does not have the read permission.

    PLESK_ERROR: Detail: Fetching https:/example.com/.well-known/acme-challenge/zQgf775Mm4z72VrrSybdlS725tk1IuSTrrwBaEoqzOg: **Error getting validation data

    PLESK_ERROR: Could not issue an SSL/TLS certificate for example.com
    Details
    Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/1708718328.
    Details:
    Type: urn:ietf:params:acme:error:connection
    Status: 400
    Detail: Fetching https://www.example.com/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIw: Timeout during connect (likely firewall problem)

  • Domains > example.com > Hosting Settings > Permanent SEO-safe 301 redirect from HTTP to HTTPS is enabled.

Cause

Rewrite rules to HTTPS prevent the issuing of a Let's Encrypt certificate.

Resolution

  1. Log into Plesk.

  2. Go to Domains > example.com > File Manager and remove .well-known directory.

  3. Temporary disable the option Permanent SEO-safe 301 redirect from HTTP to HTTPS at Domains > example.com > Hosting Settings:

  4. Disable custom redirect rules:

    for Linux:
    • Rename .htaccess file into .htaccess.orig: Open Domains > example.com > File Manager > Click next to the .htaccess file > click Rename.
    for Windows:

    • Temporary disable the option Require SSL/TLS at Domains > example.com > IIS Settings:

    • Rename web.config file into web.config.orig: Open Domains > example.com > File Manager > Click next to the web.config file > click Rename.

    • Connect to the server via RDP and disable all HTTP<->HTTPS rules in IIS Manager at Server > Sites > example.com > URL Rewrite:

  5. Install a Let's Encrypt certificate at Domains > example.com > Let's Encrypt.

Additional Information

Failed to issue a Let's Encrypt certificate: 404 Not Found.

Comments

4 comments

Sort by Date Votes
  • Avatar
    Ivan Postnikov

    Hello peterbo

    See, the comment in https://support.plesk.com/hc/en-us/articles/115003199234

    0
    Comment actions Permalink
  • Avatar
    peterbo (Edited )

    This is not a resolution or a fix - this is an emergency workaround. When will this be fixed again? This problem seems to have come up with version 18.0.27 or some version of the Lets Encrypt extension. I can't do this for 200+ Domains. What is the status of EXTLETSENC-769?

    0
    Comment actions Permalink
  • Avatar
    Glenn

    Does anyone actually monitor these pages anymore?

     

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    Hi Glenn, as I can see the issue was addressed in the ticket.

    We updating the articles on the regular basis, for the issue investigation it is better to create a ticket to our support department

    -1
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles