Unable to issue Let's Encrypt certificate in Plesk: Status 400 - Timeout during connect (likely firewall problem)

Plesk for Linux kb: technical Plesk Obsidian

Symptoms

  • Unable to issue a certificate via the Let's Encrypt extension with the following error:

    Could not issue an SSL/TLS certificate for example.com
    Details
    Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed. Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/321098646527. Details: Type: urn:ietf:params:acme:error:connection Status: 400 Detail: 203.0.113.2: Fetching http://example.com/.well-known/acme-challenge/kFBpRjpmUY0H8qwpYWlnmer8SbaJWTXEsv3ZuIsoCSg: Timeout during connect (likely firewall problem)

  • Port 80 is open:

    # nmap 203.0.113.2 -p80 -Pn
    ...
    PORT STATE SERVICE
    80/tcp open http

  • A local firewall is enabled by one or more third-party extensions.
  • The domain has only an A DNS record (IPv4).

Cause

The connection is blocked by a local firewall that belongs to one or more third-party extensions.

Resolution

Consider disabling or removing any third-party firewall extensions.
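
A triage helper for the error text shown under Symptoms, as an added example (not code from Plesk or Let's Encrypt): it extracts the ACME error type, the address and port the validator tried to reach, and flags the connect-timeout case this article covers. The function name `triage`, its output fields, and the "<ip>: Fetching <url>: <reason>" detail layout are assumptions taken from the single message on this page.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the error text quoted in the Symptoms section.
SAMPLE = (
    "Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/"
    "321098646527. Details: Type: urn:ietf:params:acme:error:connection "
    "Status: 400 Detail: 203.0.113.2: Fetching http://example.com/.well-known/"
    "acme-challenge/kFBpRjpmUY0H8qwpYWlnmer8SbaJWTXEsv3ZuIsoCSg: "
    "Timeout during connect (likely firewall problem)"
)

ERROR_RE = re.compile(
    r"Type:\s*urn:ietf:params:acme:error:(?P<type>\w+)\s+"
    r"Status:\s*(?P<status>\d{3})\s+Detail:\s*(?P<detail>.+)", re.S)
# Assumed detail layout, as seen on this page: "<ip>: Fetching <url>: <reason>"
FETCH_RE = re.compile(
    r"(?P<ip>[0-9A-Fa-f:.]+): Fetching (?P<url>\S+): (?P<reason>.+)", re.S)

def triage(message):
    """Return the fields of an ACME validation error, or None if not one."""
    err = ERROR_RE.search(message)
    if err is None:
        return None
    out = {"type": err["type"], "status": int(err["status"]),
           "ip": None, "ip_version": None, "host": None, "port": None,
           "reason": err["detail"].strip(), "firewall_suspected": False}
    fetch = FETCH_RE.fullmatch(out["reason"])
    if fetch is None:
        return out  # different detail layout: report type and raw reason only
    try:
        addr = ipaddress.ip_address(fetch["ip"])
    except ValueError:
        return out
    url = urlsplit(fetch["url"])
    out.update(ip=str(addr), ip_version=addr.version, host=url.hostname,
               port=url.port or (443 if url.scheme == "https" else 80),
               reason=fetch["reason"].strip())
    # A connect timeout means no TCP answer reached the validator: look at
    # packet filtering in front of this address, not at web server content.
    out["firewall_suspected"] = (out["type"] == "connection" and
                                 "timeout during connect" in out["reason"].lower())
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The `ip_version` field shows whether the failed attempt went to the IPv4 address, which matches the "A record only" symptom listed above.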

Comments

  • Hello,

    There is a problem with the configuration in this case. You can go to the hosting settings and remove the 301 forwarding. Then you can add a Let's Encrypt certificate and set the 301 again. A cert-renew is also working.

    So I think it's a Plesk problem. Normally, after auto-creation of the account with auto certificate, something goes wrong, and the option to 301 the domain to a non-existing certificate prevents Let's Encrypt from getting the URL.

    Best regards

    Jan Schumacher | webhoster.de AG
