Unable to issue Let's Encrypt certificate in Plesk for a domain inside a Docker container: Invalid response from example.com, 403 Unauthorized




  • Avatar
    Elias Soares
    While plesk team don't fix the issue, that's the workarround
    Find this block on your domain's generated config file (somewhere inside /etc/nginx/plesk.conf.d/)
            #extension letsencrypt begin
            location /.well-known/acme-challenge/ {
                    root /var/www/vhosts/default/htdocs;
                    types { }
                    default_type text/plain;
                    satisfy any;
                    auth_basic off;
                    allow all;
                    location ~ ^/\.well-known/acme-challenge.*/\. {
                            deny all;
            #extension letsencrypt end
    Changing the location line to this fixes the issue:
            location ^~ /.well-known/acme-challenge/ {
    Then if you guys want to fix it, just update this template in letsencrypt extension.
  • Avatar
    Alexandr Redikultsev

    Hello, @Elias Soares!

    Thank you very much for your effort and input.

    As our development team informed you in scope of the ticket you submitted, the issue should be already fixed by now.

    In case it is not true for you, do not hesitate to contact us back in scope of the ticket.

  • Avatar
    Stefan Bättig

    Hello Alexander

    The issue is not resolved in the version 17.8.11.

    The workarround with the additonal nginx-directive doesn't work: it gives still the error message "The authorization token is not available ...."

    But the solution from @Elias worked, but the the conf-files should not be modifed, and the changes go lost, after the files would be generated.

  • Avatar
    Sebastian Thomas

    You also need to make sure Proxymode is unchecked under Domains > example.com > Apache & nginx Settings

  • Avatar
    Alexandr Redikultsev

    Hi @Stefan Bättig,

    I have just double-checked that thoroughly: you are right, it appears that common directory rewrite rules for nginx are conflicting in case proxy mode is enabled, so the bug is indeed actual.

    I let our development team know about that, so hopefully it will be fixed soon!


    Dear @Sebastian Thomas,

    Thank you very much for the input, indeed: with disabled proxy mode it is working out of the box.

  • Avatar
    Unknown User

    I try those workaround, but it's not working on my server.

    The best way I find to do this is to remove the docker proxy rule from "/", renew certificate and create a new proxy rule.
    Maybe plesk team have to set a rule somewhere on the proxy system to not proxy  ".well-know"

  • Avatar
    Ivan Postnikov

    Hello @Jérémy,

    Thank you for sharing your user experience.

    After the bug will be resolved, the article will be updated with the corresponding information.

    > I try those workaround, but it's not working on my server.

    There is a possibility that there may be some difference on your server.
    I can suggest submitting a ticket to us or to our partner depending on where Plesk license was purchased from.

  • Avatar
    Stefan Hamann (Edited )

    Hab das gleiche problem seit ca 1 Woche, irged so ein Pleskupdate hat da was verbockt.

    hab halt leider ein Certifikat kaufen müssen! leider.

    letzter zeit werden die fehler von Plek, sehr problematisch.(Stundenfresse)


    Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/5ucPKjjgqvUyciFXfT4I8l0ewjoSkZPeIiS0VeM75o8.


       Type: urn:acme:error:connection

       Status: 400

       Detail: Fetching https://www.isdh.de/.well-known/acme-challenge/LCurvOkVC5Wy__aOev22QoOLChGFzHA6DfatVGLVDJ0: Timeout during connect (likely firewall problem)


    The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names:

  • Avatar
    Ivan Postnikov

    Hello @Stefan,

    Thank you for the feedback.

    The following article is devoted to this error: https://support.plesk.com/hc/en-us/articles/115003199234-Unable-to-install-Let-s-Encrypt-certificate-Timeout-during-connect-likely-firewall-problem-OR-Error-getting-validation-data-

    Please, try the solution from the article above.

    In case this would not help, I would recommend submitting a support request to Plesk directly (if license key was bought directly from us) or to one of our partners (if license key was bought from them): https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-

  • Avatar
    Stefan Bättig

    Hello @Alexandr and @Ivan

    Are there any new news or when will the bug be fixed?


    The workarround doesn't work:

    I turned off proxy mode.
    And of course I created the proxy rule, this is the real reason why the certificate can't be renewed.

    Still get the message "The authorization token is not available at...".
    We now have version: 17.8.11. #46

    Thank you


  • Avatar
    Ivan Postnikov

    Hello @Stefan,

    The bug is fixed in upcoming extension version 2.8.0.

    The ETA, for now, is the beginning of the 2nd quarter.

    In case the issue will persist after the extension update, consider submitting a request for Plesk Support.

Please sign in to leave a comment.

Have more questions? Submit a request