Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
Installation of a Let's Encrypt certificate fails with one of the following error message in Plesk UI:
PLESK_ERROR: The authorization token is not available at http://example.com/.well-known/acme-challenge/Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM.
The token file 'С:\Inetpub\vhosts\example.com\.well-known\acme-challenge\Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM' is either unreadable or does not have the read permission.PLESK_ERROR: Detail: Fetching https:/example.com/.well-known/acme-challenge/zQgf775Mm4z72VrrSybdlS725tk1IuSTrrwBaEoqzOg: **Error getting validation data
PLESK_ERROR: Could not issue an SSL/TLS certificate for example.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/1708718328.
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: Fetching https://www.example.com/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIw: Timeout during connect (likely firewall problem) -
The option Permanent SEO-safe 301 redirect from HTTP to HTTPS is enabled in Domains > example.com > Hosting & DNS tab > Hosting Settings.
Cause
Rewrite rules to HTTPS prevent issuing of the Let's Encrypt certificate.
Resolution
-
Go to Domains > example.com > File Manager and remove the
.well-known
directory. -
Temporarily disable the option Permanent SEO-safe 301 redirect from HTTP to HTTPS in Domains > example.com > Hosting & DNS Settings tab > Hosting Settings:
-
Disable custom redirect rules:
for Linux:- Rename
.htaccess
file into.htaccess.orig
: Open Domains > example.com > File Manager > Clicknext to the
.htaccess
file > click Rename.
for Windows:- Rename
web.config
file intoweb.config.orig
: Open Domains > example.com > File Manager > Clicknext to the
web.config
file > click Rename. -
Connect to the server via RDP and disable all HTTP<->HTTPS rules in IIS Manager at Server > Sites > example.com > URL Rewrite:
- Rename
-
Install a Let's Encrypt certificate at Domains > example.com > SSL/TLS Certificates.
Comments
13 comments
Does anyone actually monitor these pages anymore?
Hi Glenn, as I can see the issue was addressed in the ticket.
We updating the articles on the regular basis, for the issue investigation it is better to create a ticket to our support department
This is not a resolution or a fix - this is an emergency workaround. When will this be fixed again? This problem seems to have come up with version 18.0.27 or some version of the Lets Encrypt extension. I can't do this for 200+ Domains. What is the status of EXTLETSENC-769?
Hello peterbo
See, the comment in https://support.plesk.com/hc/en-us/articles/115003199234
hello i have also this issue when i install certificate
One of the Let's Encrypt rate limits has been exceeded for newchoice.ga.
See the related Knowledge Base article for details.
Details
Details:
Type: urn:ietf:params:acme:error:rateLimited
Status: 429
Detail: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Ivan Postnikov I'm agree with peterbo: this is not a resolution or a fix - this is an emergency workaround
Your link does not solve the problem.
We are a couple of plesk user affected, look: https://community.letsencrypt.org/t/suddenly-timeout-during-connect-likely-firewall-problem-for-www-subdomain/176267/24
Totally agree.
If you have a large number of domains, this emergency workaround is an important time waste.
Another affected user here.
Please, we need a definitive solution. This workaround is too much work for several domains.
To plesk developers: is there a way to find quickly all not secured www subdomains? meanwhile there not exist a final solution, could help to make our life easier
FYI: I was able to fix the last two errors renewing www subdomains only doing this steps:
Finally, I must insist... all the affected domains can auto renew certificates automatically for several months. No changes on .htaccess files in this time.
I've the same issue with each domain of my 10 wordpress sites since their migration from my old server (plesk Onyx) to my new one that uses plesk obsidian.
On the old server, no issue to renew the let's encrypt SSL certificats.
The certificats have been migrated and the're active but I can't renew them.
Each try produces a similar message to the following one:
- to delete the ".well-known" folder
- to disable the "Redirect from http to https" option when renewing
and nothing works !!
Please Do you have a solution ?
laurent ongaro Since Let's Encrypt certificates are free, one solution would be to simply remove the certificates from each domain and request new ones.
The other option would be to try something that is listed here in the article I'm pasting below which is not a Plesk article. It is just an article from 2020 about migrating Let's Encrypt Certificates.
https://blomsmail.medium.com/how-to-reuse-a-lets-encrypt-certificate-on-a-new-server-19e7224e4d81
P.S. Do your own research before proceeding with either option. Perform either of these tasks at your own risk and know what you are doing before you do. Also, I am not a Plesk employee, just a customer like you.
Thanks for your help Michael
Deleting the certificate instead of renewing it worked for one domaine (gameamea.com) but not for another one (finke-habitat.fr).
The Plesk configurations seem identical on both sites, except that the first one has no assigned IPV6 .
I've removed the IPV6 from the second one, and I'll try again in 24h to let the time for the DNS change to be propagated.
The page on the link you gave me is not usefull for me because my configuration (Plesk) is different, and the migration of the SSL certificats was successful in my case
Please sign in to leave a comment.