Articles in this section

A website hosted in Plesk for Windows Server is not accessible over HTTP and fails to be secured by Let's Encrypt: HTTP Error 403.4 - Forbidden

Kuzma Ivanov
Updated
Plesk for Windows kb: technical ext: le

Applicable to:

  • Plesk for Windows

Symptoms

  • When opening a website over HTTP in a web-browser, the following error is shown:

    PLESK_INFO: Forbidden
    You do not have permission to access this document.

  • When opening this website in a web-browser from the Windows Server where the website is hosted, the error is:

    PLESK_INFO: 403.4 Forbidden The page you are trying to access is secured with Secure Sockets Layer (SSL).

    Module IIS Web Core
    Notification BeginRequest
    Handler ExtensionlessUrlHandler-Integrated-4.0
    Error Code 0x80070005
    Requested URL http://example.com:80/
    Physical Path C:\Inetpub\vhosts\example.com\httpdocs
    Logon Method Not yet determined
    Logon User Not yet determined

    More Information:
    This error means that the requested Web page requires SSL. Try to browse to the same URL, but use "https:" instead of "http:".

  • When issuing / renewing a Let's Encrypt certificate for this domain, the operation fails with:

    PLESK_ERROR: Could not issue an SSL/TLS certificate for example.com
    ...
    The authorization token is not available at http://example.com/.well-known/acme-challenge/iF3RL6ACkbhfXrUW5I84u6hur7Qgfdslb8QNGlvMpzo.
    ...
    Details:
    Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: 203.0.113.2: Invalid response from http://example.com/.well-known/acme-challenge/iF3RL6ACkbhfXrUW5I84u6hur7Qgfdslb8QNGlvMpzo: 403

Cause

The Require SSL/TLS option is enabled for the domain in Plesk at Domains > example.com > Hosting & DNS > IIS Settings.


Screenshot_2019-09-27_IIS_Settings_for_example_com_-_Plesk_Onyx_17_8_11.png

Because of the Require SSL/TLS option, a web-browser forces HTTPS secure connection, but the website is served over HTTP and the 403 forbidden error is returned.

Let's Encrypt requires the website to be accessible over port 80 as it uses HTTP-01 challenge

Resolution

To make the website accessible over HTTP, disable the Require SSL/TLS IIS option:

 

  • in Plesk

    1. Log in to Plesk.

    2. Go to Domains > example.com > Hosting & DNS > IIS Settings.

    3. Disable Require SSL/TLS option under the section Directory Security Settings.

    4. Apply the changes.

 

  • in IIS Manager

    1. Connect to the Plesk server via RDP.

    2. Disable Require SSL option in IIS Manager at Sites > example.com > SSL Settings and apply the changes.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.