Applicable to:
- Plesk for Linux
Symptoms
-
Unable to issue Let's Encrypt Certificate:
CONFIG_TEXT: Detail: During secondary validation: Invalid response from http://example.com/.well-known/acme-challenge/1tKjieKSvO82nyBBUrPyarSdIOmEfFui3DZ9CaxTaPc [203.0.113.2]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <title>Captcha</title>\n <link rel=\"stylesheet\"\n "
-
The error reports some "<title>Captcha</title>" response, however browser and CURL returns the correct file.
-
During the certificate request, there is only one HTTP GET request from Let's Encrypt validation server that reaches the server and appears in logs (should be two or three similar requests in a row)
/var/www/vhosts/system/example.com/logs/proxy_access_ssl_log
CONFIG_TEXT: 203.0.113.3 - - [26/Jun/2020:13:15:50 +0700] "GET /.well-known/acme-challenge/E40340TLEpSAoZMvV9dyQCuAetVxXilQ8k_tzb0VONw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
- Imunify360 is installed on the server
Cause
This issue is caused by an Imunify 360 firewall rule (IM360) which fixed in version 3.18 of the ruleset.
Resolution
- Log in to Plesk through SSH as root user
-
Execute:
# imunify360-agent update --force modsec-rules
Comments
0 comments
Please sign in to leave a comment.