
Unable to issue a Let's Encrypt certificate for domain with forwarding hosting type: nginx is not installed or is disabled on the Plesk server

kb: bug kb: fixed Plesk for Linux ext: sslit

Applicable to:

  • Plesk for Linux

Symptoms

  • The Forwarding hosting type is set for the domain in Plesk > Domains > example.com > Hosting & DNS tab > Hosting Settings, and an attempt to issue a Let's Encrypt certificate in Domains > example.com > SSL/TLS Certificates fails with an error similar to the following:

    Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
    The authorization token is not available at http://example.com/.well-known/acme-challenge/vjcxCwV74PbWUvnMTT2o5MeWP8z0rg054SP_IfIYfXg.
    To resolve the issue, make sure that the token file can be downloaded via the above URL.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/76408809540.
    Details:
    Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: Invalid response from https://example.com/.well-known/acme-challenge/vjcxCwV74PbWUvnMTT2o5MeWP8z0rg054SP_IfIYfXg

  • The SSL It! extension installed on the server is version 1.9.9 or lower

Cause

By design, if nginx is disabled on the server, Let's Encrypt cannot be used to secure a domain that has the Forwarding hosting type with an SSL certificate.

Due to this, the button that lets you issue a Let's Encrypt SSL certificate for such a domain should not be visible in the Plesk GUI.

The existence of the button was recognized as a bug with ID #EXTSSLIT-1871 and was resolved permanently when SSL It! 1.9.10 was released on 10 February 2022.

Resolution

Since the bug that made the button visible in the Plesk GUI has already been resolved permanently, update the SSL It! extension to its latest version by using the steps in this article:

How to manage Plesk extensions (install, disable, remove, update)

If you need to secure a domain that has the Forwarding hosting type with a Let's Encrypt SSL certificate, apply the following steps:


Secure the Forwarding hosting type domain with a Let's Encrypt SSL certificate

Comments

2 comments
  • This problem still seems to exist.

    Plesk 18.0.63
    SSL IT 1.15.3-3574
    LetsEncrypt 3.2.8-3078
    Webserver Apache

    Website is configured as Forward Hosting.

    Invalid response from .https://acme-v02.api.letsencrypt.org/acme/authz-v3/1234567890
    Details:
    Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: 123.123.123.123: Invalid response from https://mydomain.de/forward/.well-known/acme-challenge/xyz34544565656565656: 404

    We have now removed the Certificate, but there is no option available to secure the Website with a new LetsEncrypt Certificate again.

    The option to request a certificate with LetsEncrypt is only available if hosting type is set to "Website".

    We have found this discussion https://talk.plesk.com/threads/lets-encrypt-doesnt-work-if-hosting-type-forwarding-is-selected.357308/
    A comment from June 2023 stated that this is only possible if nginx is activated.

    0
  • We've fixed the problem with a workaround.

    We've replaced the RedirectPermanent with a RedirectMatch statement:

    RedirectMatch 301 ^(?!/\.well-known).* "https://foo.bar/boo/"

    To make this change permanent, you have to edit the configuration templates.

    Create the custom folder under:

    cd /opt/psa/admin/conf/templates/
    mkdir -p custom/domain

    Copy the source template:

    cp /opt/psa/admin/conf/templates/default/domain/standardForwarding.php \
       /opt/psa/admin/conf/templates/custom/domain/

    Replace the RedirectPermanent at line 64:

    vi /opt/psa/admin/conf/templates/custom/domain/standardForwarding.php

    Before:

    <?php if (302 == $VAR->domain->forwarding->redirectHttpCode): ?>
        RedirectTemp / "<?php echo $VAR->domain->forwarding->redirectUrl ?>"
    <?php else: ?>
      RedirectPermanent / "<?php echo $VAR->domain->forwarding->redirectUrl ?>"
    <?php endif; ?>

    After:

    <?php if (302 == $VAR->domain->forwarding->redirectHttpCode): ?>
        RedirectTemp / "<?php echo $VAR->domain->forwarding->redirectUrl ?>"
    <?php else: ?>
        RedirectMatch 301 ^(?!/\.well-known).* "<?php echo $VAR->domain->forwarding->redirectUrl ?>"
    <?php endif; ?>

     

    But this is only a workaround, please fix this annoying error.

    0
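Added example (not part of the comment above and not Plesk's own code): a Python check of which request paths the RedirectMatch pattern from the workaround redirects and which it leaves to the local web server, so the ACME token path can be confirmed exempt before the template is edited. The sample paths and the narrower `NARROW` pattern are assumptions made for illustration; Python's `re` stands in for Apache's regex engine, which evaluates this negative lookahead the same way.

```python
import re

# Pattern taken from the RedirectMatch line in the workaround.
WORKAROUND = r"^(?!/\.well-known).*"
# Assumption, not from the page: a narrower pattern that exempts only the
# ACME HTTP-01 challenge directory.
NARROW = r"^(?!/\.well-known/acme-challenge/).*"

# Constructed request paths; the token value is a placeholder.
SAMPLE_PATHS = [
    "/",
    "/index.html",
    "/.well-known/acme-challenge/CONSTRUCTED_TOKEN",
    "/.well-known/security.txt",
    "/.well-knownfoo",
    "/forward/.well-known/acme-challenge/CONSTRUCTED_TOKEN",
]


def is_redirected(pattern: str, path: str) -> bool:
    """RedirectMatch issues the redirect when the regex matches the URL path."""
    return re.search(pattern, path) is not None


def served_locally(pattern: str, paths=SAMPLE_PATHS) -> list:
    """Paths the redirect skips, i.e. the local web server answers them."""
    return [p for p in paths if not is_redirected(pattern, p)]


def only_exempt_under_workaround(paths=SAMPLE_PATHS) -> list:
    """Paths the page's pattern leaves local but the narrower one redirects."""
    narrow_local = set(served_locally(NARROW, paths))
    return [p for p in served_locally(WORKAROUND, paths) if p not in narrow_local]


if __name__ == "__main__":
    for name, pattern in (("workaround", WORKAROUND), ("narrow", NARROW)):
        print(name, pattern)
        for path in SAMPLE_PATHS:
            action = "redirect" if is_redirected(pattern, path) else "serve locally"
            print(f"  {path:55} {action}")
    print("exempt only under the workaround:", only_exempt_under_workaround())
```

With the workaround pattern, every path that begins with `/.well-known` stays on the local server, while a request whose `.well-known` segment is not at the root of the path is still redirected.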
