Applicable to:
- Plesk Obsidian for Windows
Symptoms
-
Unable to issue a Let's Encrypt certificate in Domains > example.com > SSL/TLS Certificates > Install > Get it free:
CONFIG_TEXT: Domain validation failed
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/uksG0XWFd8Yd6K51U09HosKjhS7jWF_xEMP5ru_OJ0Y
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"> \n<html xmlns=\"http" -
A
test.txtfile created in%plesk_dir%var/acme-challengefolder is accessible via athttp://example.com/.well-known/acme-challenge/test.txtin a web browser. -
SSL It! extension is disabled or absent in Extensions > My Extensions.
Cause
SSL It! extension was installed and enabled previously.
The common challenge directory is automatically activated when SSL It! extension is installed. After disabling or uninstalling SSL It!, a common challenge directory is still enabled, but Let's Encrypt is unable to use it in standalone mode.
This is SSL It! extension bug with the ID #EXTSSLIT-867, that will be fixed in the next extension updates.
Resolution
Until the bug will be fixed, apply one of the solutions below:
-
Go to Extensions > My Extensions > SSL It!.
-
Press More and then Enabled button:
-
Log into the server via RDP.
-
Execute the command below to enable SSL It! extension:
C:\> plesk bin extension --enable sslit
-
Disable Common Challenge Directory:
C:\> plesk ext sslit --common-challenge-dir -disable
-
Disable SSl It! extension:
C:\> plesk bin extension --disable sslit
-
Log into the server via RDP.
-
Execute the command below to disable Common Challenge Directory:
C:\> plesk sbin websrvmng --remove-global-rewrite-rule --name=acme-challenge
Comments
Please sign in to leave a comment.