Articles in this section

Unable to issue a Let's Encrypt certificate: The token file is either unreadable or does not have the read permission

Vincent Lauton
Updated
Plesk for Windows Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Installation of a Let's Encrypt certificate fails with one of the following error message in Plesk UI:

    PLESK_ERROR: The authorization token is not available at http://example.com/.well-known/acme-challenge/Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM.
    The token file 'С:\Inetpub\vhosts\example.com\.well-known\acme-challenge\Ab87T7gZtQeJBq0C2I44O9egoe-WXTTlE-hBmdvDCHM' is either unreadable or does not have the read permission.

    PLESK_ERROR: Detail: Fetching https:/example.com/.well-known/acme-challenge/zQgf775Mm4z72VrrSybdlS725tk1IuSTrrwBaEoqzOg: **Error getting validation data

    PLESK_ERROR: Could not issue an SSL/TLS certificate for example.com
    Details
    Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/1708718328.
    Details:
    Type: urn:ietf:params:acme:error:connection
    Status: 400
    Detail: Fetching https://www.example.com/.well-known/acme-challenge/8DdIKX257k6Dih5s_saeVMpTnjPJdKO5Ase0OCiJrIw: Timeout during connect (likely firewall problem)

  • The option Permanent SEO-safe 301 redirect from HTTP to HTTPS is enabled in Domains > example.com > Hosting & DNS tab > Hosting Settings.

Cause

Rewrite rules to HTTPS prevent issuing of the Let's Encrypt certificate.

Resolution

  1. Log into Plesk

  2. Go to Domains > example.com > File Manager and remove the .well-known directory

  3. Temporarily disable the option Permanent SEO-safe 301 redirect from HTTP to HTTPS in Domains > example.com > Hosting & DNS Settings tab > Hosting Settings:

  4. Disable custom redirect rules:

    for Linux:
    • Rename .htaccess file into .htaccess.orig: Open Domains > example.com > File Manager > Click next to the .htaccess file > click Rename
    for Windows:
    • Rename web.config file into web.config.orig: Open Domains > example.com > File Manager > Click next to the web.config file > click Rename

    • Connect to the server via RDP and disable all HTTP<->HTTPS rules in IIS Manager at Server > Sites > example.com > URL Rewrite:

  5. Install a Let's Encrypt certificate at Domains > example.com > SSL/TLS Certificates

 

 

Was this article helpful?

Comments

2 comments
Date Votes
  • Avatar
    Mohamed ali Sahnoun

    i followed all the steps but this not working for me 

    0
  • Avatar
    Jaap Verhofstad

    This is not a solution for me because I use the .well-known directory for other things. It is not workable to have to delete and then restore this directory every 3 months.

    0

Please sign in to leave a comment.