Applicable to:
- Plesk for Linux
Symptoms
-
The Forwarding hosting type is set for the domain in Plesk > Domains > example.com > Hosting & DNS tab > Hosting Settings and when trying to issue a Let's Encrypt certificate in Domains > example.com > SSL/TLS Certificates, an error that is similar to the following is shown:
CONFIG_TEXT:Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
The authorization token is not available at http://example.com/.well-known/acme-challenge/vjcxCwV74PbWUvnMTT2o5MeWP8z0rg054SP_IfIYfXg.
To resolve the issue, make sure that the token file can be downloaded via the above URL.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/76408809540.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from https://example.com/.well-known/acme-challenge/vjcxCwV74PbWUvnMTT2o5MeWP8z0rg054SP_IfIYfXg -
The SSL It! extension that is installed on the server is versions 1.9.9 or lower
Cause
If nginx is disabled on the server, it is not possible to use Let's Encrypt in order to secure a domain with the Forwarding hosting type with an SSL certificate by design.
Due to this, the button that lets you issue a Let's Encrypt SSL certificate for such a domain should not be visible in the Plesk GUI.
The existence of the button was recognized as a bug with ID #EXTSSLIT-1871 and was resolved permanently when SSL It! 1.9.10 was released on 10 February 2022.
Resolution
Since the mentioned Plesk GUI visible button bug has been resolved permanently already, you should update the SSL It! extension to its latest version by using the steps in this article:
How to manage Plesk extensions (install, disable, remove, update)
If you need to secure a domain that has the Forwarding hosting type with an Let's Encrypt SSL certificate, you need to apply the following steps:
Click on a section to expand
Comments
2 comments
This problem still seems to exist.
Plesk 18.0.63
SSL IT 1.15.3-3574
LetsEncrypt 3.2.8-3078
Webserver Apache
Website is configured as Forward Hosting.
Invalid response from .https://acme-v02.api.letsencrypt.org/acme/authz-v3/1234567890
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 123.123.123.123: Invalid response from https://mydomain.de/forward/.well-known/acme-challenge/xyz34544565656565656: 404
We have now removed the Certificate, but there is no option available to secure the Website with a new LetsEncrypt Certificate again.
The option to request a certificate with LetsEncrypt is only available if hosting type is set to "Website".
We have found this discussion https://talk.plesk.com/threads/lets-encrypt-doesnt-work-if-hosting-type-forwarding-is-selected.357308/
A comment from June 2023 stated that this is only possible if nginx is activated.
We've fixed the problem with a workaround.
We've replaced the RedirectPermant with a RedirectMatch statement:
To make this change permanent, you have to edit the configuration templates.
Create the custom folder under:
Copy the source template:
Replace the RedirectPermanent at line 64:
Before:
After:
But this is only a workaround, please fix this annoying error.
Please sign in to leave a comment.