Unable to issue a Let's Encrypt certificate in Plesk: The authorization token is not available

Plesk Agent shadow

Updated January 13, 2026 19:11

Plesk for Windows kb: technical ext: le

Applicable to:

Unable to issue an SSL certificate using Let's Encrypt in Domains > example.com > SSL/TLS Certificates:

Could not issue an SSL/TLS certificate for example.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
The authorization token is not available at http://example.com/.well-known/acme-challenge/6AkQ-N5vdWobP0yM2Wq9jJ8S6TKt0R1DCXfsGUGCdAY.
To resolve the issue, make sure that the token file can be downloaded via the above URL.
The authorization token URL mentioned in the error can not be accessed via web browser failing with a 503 error.
The application pool acme-challenge stops when the authorization token URL is accessed via a web browser .
This can be checked in Windows, Internet Information Services (IIS) Manager > ServerName > Application Pools:

The user acme-challenge is not set/or doesn't have the correct permissions set to the app pool folder C:\Inetpub\temp\appools\acme-challenge

Set the user acme-challenge and/or delegate "Full Control" permission to the acme-challenge app pool folder.

Connect to the server via RDP
Right-click on the folder C:\Inetpub\temp\appools\acme-challenge, then click on Properties.
On the Security tab, check that the acme-challenge user exists and that it has full control permission on the folder.
Click Apply button.
Re-issue SSL certificate in Domains > example.com > SSL/TLS Certificates.