Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- Attempt to issue a Let's encrypt certificate fails with the error:
PLESK_ERROR: We can not create an SSL Certificate for example.com:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: 203.0.113.2: Fetching https://example.com/.well-known/acme-challenge/YqQkDV1cAaR_L7F45tDIoWCBYX9QX3ReoPEgayOb2: Timeout during connect (likely firewall problem). - Ports 443 and 80 are open for the IP address from which the website loads
- Trying to Curl the address fails with one of the following a:
# curl https://example.com/.well-known/acme-challenge/YqQkDV1cAaR_L7F45tDIoWCBYX9QX3ReoPEgayOb2:
curl: (51) SSL: no alternative certificate subject name matches target host name 'example.com'# curl https://examplecom/.well-known/acme-challenge/wEazPf4SbPyWqsQjiRInl-BS0pD2LcJvWqrghiQom-w
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html - Visiting the HTTP address shows that a redirection is happening:
# curl -I http://example.com/.well-known/acme-challenge/YqQkDV1cAaR_L7F45tDIoWCBYX9QX3ReoPEgayOb2
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
Cause
Validation fails, because HTTP to HTTPS SEO redirection is happening and the Let's Encrypt servers need to access the URL like http://example.com/.well-known/acme-challenge/YqQkDV1cAaR_L7F45tDIoWCBYX9QX3ReoPEgayOb2
via HTTP , however since the SSL certificate is either expired or not functioning properly while HTTP to HTTPS SEO redirection is enabled, this causes another error and the URL becomes unreachable.
Resolution
- Log into Plesk
- Go to Domains > example.com > Hosting & DNS > Hosting
- Disable Redirect visitors from HTTP to HTTPS via a SEO friendly 301 redirect
- Issue the Let's Encrypt SSL certificate for this domain again
- Re-enable Redirect visitors from HTTP to HTTPS via a SEO friendly 301 redirect
Comments
0 comments
Please sign in to leave a comment.