Unable to issue a Let's Encrypt certificate: The token file is either unreadable or does not have the read permission

Follow

Comments

13 comments

  • Avatar
    Glenn

    Does anyone actually monitor these pages anymore?

     

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    Hi Glenn, as I can see the issue was addressed in the ticket.

    We updating the articles on the regular basis, for the issue investigation it is better to create a ticket to our support department

    -1
    Comment actions Permalink
  • Avatar
    peterbo (Edited )

    This is not a resolution or a fix - this is an emergency workaround. When will this be fixed again? This problem seems to have come up with version 18.0.27 or some version of the Lets Encrypt extension. I can't do this for 200+ Domains. What is the status of EXTLETSENC-769?

    4
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello peterbo

    See, the comment in https://support.plesk.com/hc/en-us/articles/115003199234

    0
    Comment actions Permalink
  • Avatar
    soufianejayden

    hello i have also this issue when i install certificate

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for newchoice.ga.

    One of the Let's Encrypt rate limits has been exceeded for newchoice.ga.
    See the related Knowledge Base article for details.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    0
    Comment actions Permalink
  • Avatar
    Marc Serra

    Ivan Postnikov I'm agree with peterbo: this is not a resolution or a fix - this is an emergency workaround

    Your link does not solve the problem.

    We are a couple of plesk user affected, look: https://community.letsencrypt.org/t/suddenly-timeout-during-connect-likely-firewall-problem-for-www-subdomain/176267/24

    2
    Comment actions Permalink
  • Avatar
    El seu domini

    Totally agree.

    If you have a large number of domains, this emergency workaround is an important time waste.

    1
    Comment actions Permalink
  • Avatar
    FEJIDIF

    Another affected user here.

    Please, we need a definitive solution. This workaround is too much work for several domains.

    1
    Comment actions Permalink
  • Avatar
    Marc Serra

    To plesk developers: is there a way to find quickly all not secured www subdomains? meanwhile there not exist a final solution, could help to make our life easier

    1
    Comment actions Permalink
  • Avatar
    Marc Serra

    FYI: I was able to fix the last two errors renewing www subdomains only doing this steps:

    1. renaming .htaccess to .htaccess_tmp
    2. renew base domain and www subdomain as usual
    3. renaming .htaccess_tmp to .htaccess

    Finally, I must insist... all the affected domains can auto renew certificates automatically for several months. No changes on .htaccess files in this time.

    1
    Comment actions Permalink
  • Avatar
    laurent ongaro (Edited )

    I've the same issue with each domain of my 10 wordpress sites since their migration from my old server (plesk Onyx) to my new one that uses plesk obsidian.
    On the old server, no issue to renew the let's encrypt SSL certificats.
    The certificats have been migrated and the're active but I can't renew them.

    Each try produces a similar message to the following one:

    Could not issue an SSL/TLS certificate for gameamea.com
    Details

    Could not issue a Let's Encrypt SSL/TLS certificate for gameamea.com. Authorization for the domain failed.

    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/143372508687.

    Details:

    Type: urn:ietf:params:acme:error:connection

    Status: 400

    Detail: 188.165.206.11: Fetching http://gameamea.com/.well-known/acme-challenge/FwTLV8xuQAZT8b4qkq4kdEh7yKSI5tlgBK5VKz2Iq0o: Timeout during connect (likely firewall problem)
     
    I've tried:
    - to uncheck  the "Permanent SEO-safe 301 redirect from HTTP to HTTPS " redirection
    - to temporary rename (ie disable) the .htaccess file
    - to remove the IPV6 address
    - to set the "Preferred domain" to the 3 different settings available
    - to delete the ".well-known" folder
    - to disable the "Redirect from http to https" option when renewing

    and nothing works !!
    Please Do you have a solution ?
    0
    Comment actions Permalink
  • Avatar
    Michael Koontz

    laurent ongaro Since Let's Encrypt certificates are free, one solution would be to simply remove the certificates from each domain and request new ones.

    The other option would be to try something that is listed here in the article I'm pasting below which is not a Plesk article. It is just an article from 2020 about migrating Let's Encrypt Certificates.

    https://blomsmail.medium.com/how-to-reuse-a-lets-encrypt-certificate-on-a-new-server-19e7224e4d81

    P.S. Do your own research before proceeding with either option. Perform either of these tasks at your own risk and know what you are doing before you do. Also, I am not a Plesk employee, just a customer like you.

    0
    Comment actions Permalink
  • Avatar
    laurent ongaro (Edited )

    Thanks for your help Michael

    Deleting the certificate instead of renewing it worked for one domaine (gameamea.com) but not for another one (finke-habitat.fr).
    The Plesk configurations seem identical on both sites, except that the first one has no assigned IPV6 .
    I've removed the IPV6 from the second one, and I'll try again in 24h to let the time for the DNS change to be propagated.

    The page on the link you gave me is not usefull for me because my configuration (Plesk) is different, and the migration of the SSL certificats was successful in my case

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request