Applicable to:
- Plesk Onyx for Linux
Note: This article has the reference to the issue with the fix available:
- #EXTLETSENC-11 "Configured Docker Proxy Rules can no longer hinder the performance of the Let’s Encrypt extension."
Fixed in:- Let’s Encrypt 2.8.0 28 May 2019
Symptoms
-
Domain example.com has a Proxy rule for a Docker application configured in Domains > example.com > Docker Proxy Rules
-
On attempt to install Let's Encrypt certificate in Domains > example.com > Let's Encrypt > Install the following error is shown in Plesk:
PLESK_ERROR: The authorization token is not available at https://example.com/.well-known/acme-challenge/39lkQPqRlUmgdiFIv7cVDOYa_wHqqulMjM-Mk3CLwh4.
To resolve the issue, make it is possible to download the token file via the above URL.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/abcdefgijkmnopqrtuvwxyz.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/39lkQPqRlUmgdiFIv7cVDOYa_wHqqulMjM-Mk3CLwh4: "<!DOCTYPE html>
Cause
This is a bug in Let's Encrypt extension with ID EXTLETSENC-11. Let's Encrypt authorization requests are proxied inside to the Docker container.
Resolution
As a workaround:
-
Go to Domains > example.com > Apache & nginx Settings >Disable Proxy Mode > OK.
-
Go to Domains > example.com > Docker Proxy Rules > Configure Docker Proxy rule according to the port used by the Docker container > OK.
-
Go to Domains > example.com > Apache & nginx Settings.
-
Add the following directives in Additional nginx directives:
CONFIG_TEXT: location ^~ /.well-known/ {}
-
Click OK.
Additional information
Unable to install Let's Encrypt SSL on a domain with multiple IPs: 403 Invalid response from
Comments
11 comments
Hello, @Elias Soares!
Thank you very much for your effort and input.
As our development team informed you in scope of the ticket you submitted, the issue should be already fixed by now.
In case it is not true for you, do not hesitate to contact us back in scope of the ticket.
Hello Alexander
The issue is not resolved in the version 17.8.11.
The workarround with the additonal nginx-directive doesn't work: it gives still the error message "The authorization token is not available ...."
But the solution from @Elias worked, but the the conf-files should not be modifed, and the changes go lost, after the files would be generated.
You also need to make sure Proxymode is unchecked under Domains > example.com > Apache & nginx Settings
Hi @Stefan Bättig,
I have just double-checked that thoroughly: you are right, it appears that common directory rewrite rules for nginx are conflicting in case proxy mode is enabled, so the bug is indeed actual.
I let our development team know about that, so hopefully it will be fixed soon!
Dear @Sebastian Thomas,
Thank you very much for the input, indeed: with disabled proxy mode it is working out of the box.
I try those workaround, but it's not working on my server.
The best way I find to do this is to remove the docker proxy rule from "/", renew certificate and create a new proxy rule.
Maybe plesk team have to set a rule somewhere on the proxy system to not proxy ".well-know"
Hello @Jérémy,
Thank you for sharing your user experience.
After the bug will be resolved, the article will be updated with the corresponding information.
> I try those workaround, but it's not working on my server.
There is a possibility that there may be some difference on your server.
I can suggest submitting a ticket to us or to our partner depending on where Plesk license was purchased from.
Hab das gleiche problem seit ca 1 Woche, irged so ein Pleskupdate hat da was verbockt.
hab halt leider ein Certifikat kaufen müssen! leider.
letzter zeit werden die fehler von Plek, sehr problematisch.(Stundenfresse)
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/5ucPKjjgqvUyciFXfT4I8l0ewjoSkZPeIiS0VeM75o8.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://www.isdh.de/.well-known/acme-challenge/LCurvOkVC5Wy__aOev22QoOLChGFzHA6DfatVGLVDJ0: Timeout during connect (likely firewall problem)
The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names:
Hello @Stefan,
Thank you for the feedback.
The following article is devoted to this error: https://support.plesk.com/hc/en-us/articles/115003199234-Unable-to-install-Let-s-Encrypt-certificate-Timeout-during-connect-likely-firewall-problem-OR-Error-getting-validation-data-
Please, try the solution from the article above.
In case this would not help, I would recommend submitting a support request to Plesk directly (if license key was bought directly from us) or to one of our partners (if license key was bought from them): https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
Hello @Alexandr and @Ivan
Are there any new news or when will the bug be fixed?
The workarround doesn't work:
I turned off proxy mode.
And of course I created the proxy rule, this is the real reason why the certificate can't be renewed.
Still get the message "The authorization token is not available at...".
We now have version: 17.8.11. #46
Thank you
Hello @Stefan,
The bug is fixed in upcoming extension version 2.8.0.
The ETA, for now, is the beginning of the 2nd quarter.
In case the issue will persist after the extension update, consider submitting a request for Plesk Support.
Please sign in to leave a comment.