Applicable to:
- Plesk for Linux
Symptoms
-
Issuing a Let's Encrypt SSL in Plesk at Tools & Settings > SSL/TLS Certificates > +Let's Encrypt results in the following error:
PLESK_ERROR: Could not issue an SSL/TLS certificate for server.example.com
Details
Could not request a Let's Encrypt SSL/TLS certificate for server.example.com
Go to http://server.example.com/.well-known/acme-challenge/cix0o5EaO0fc3YzBoxvIW9NVtJzAic_sXd1XCWyXDC
and check if the authorization token is available.
If it is, try to request the certificate again. If the token is not available, there may be an issue with your DNS configuration.
Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP: 203.0.113.2.
Make sure that the IP address(es) specified in the domain's DNS zone match the IP address(es) the domain is hosted on.
If it does not help or if you cannot find an issue with your DNS configuration, use this KB article for troubleshooting. - The IP address mentioned in the error (in this example,
203.0.113.2) is the correct IP address and the domain correctly resolves to the server. -
Upon visiting the URL mentioned in the error (in this example,
http://server.example.com/.well-known/acme-challenge/cix0o5EaO0fc3YzBoxvIW9NVtJzAic_sXd1XCWyXDC8) an Apache Not Found error is displayed: - http://server.example.com does not redirect to HTTPS and shows the default Apache server page.
- Upon executing the commands
plesk repair web -serverandplesk repair web -domains-onlyvia SSH no inconsistencies are reported.
Cause
The root cause is unclear.
Resolution
As a workaround, perform the following steps:
- Connect to the server via SSH.
-
Disable the option for Apache to listen on localhost only by executing:
# plesk bin apache --listen-on-localhost false
- Issue a new SSL certificate for the Plesk server hostname.
-
Set Apache to listen on localhost only once again by executing:
# plesk bin apache --listen-on-localhost true
Comments
Please sign in to leave a comment.