Articles in this section

See more

Unable to issue a Let's Encrypt certificate for domain with forwarding hosting type when nginx is not installed and/or disabled on the Plesk server

Avatar
Anastasia Zyrianova
Updated
Follow
Plesk for Linux kb: fixed kb: bug ext: sslit

Applicable to:

  • Plesk for Linux

Symptoms

  • Forwarding hosting type is set for the domain in Plesk > Domains > example.com > Hosting & DNS tab > Hosting Settings.

  • When trying to issue a Let's Encrypt certificate in Domains > example.com > SSL/TLS Certificates, the following error is provided:

    CONFIG_TEXT:Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
    The authorization token is not available at http://example.com/.well-known/acme-challenge/vjcxCwV74PbWUvnMTT2o5MeWP8z0rg054SP_IfIYfXg.
    To resolve the issue, make sure that the token file can be downloaded via the above URL.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/76408809540.
    Details:
    Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: Invalid response from https://example.com/.well-known/acme-challenge/vjcxCwV74PbWUvnMTT2o5MeWP8z0rg054SP_IfIYfXg

Cause

Product issue:

  • #EXTSSLIT-1871 "If nginx is disabled, it is no longer possible to start securing a domain with the “Forwarding” hosting type (because this scenario is not supported and is bound to fail)."
    Fixed in:

Resolution

Please consider updating your server:

Workaround

If update is not possible for some reason you may try the following

workaround
  1. Log into Plesk.
  2. Install and enable nginx on the server.
  3. Issue the certificate in Domains > example.com > SSL/TLS Certificates.

Comments

3 comments

Sort by Date Votes
  • Avatar
    Tim Bertens

    On a new installation of Plesk 18.0.45 with Ubuntu 22.4LTS (with migrated sites from an old host) I have the problem that Let's encrypt SSL certificates cannot be added / renewed to Forwarding Domains even though Nginx is installed and enabled on the server.  This problem did not occur on the old host. 

    Interestingly enough when switching the website temporary to regular website and disable Apache, so nginx is serving the pages and not acting as reverse proxy and then switching it back to Forwarding Domain, it works as it used to do and is expected. 

    0
    Comment actions Permalink
  • Avatar
    Anastasia Zyrianova

    Hello Tim Bertens,

    Make sure that the Common Challenge Directory is enabled on the new server as per the article.
    If the issue still persists after that, please provide me with more details regarding it. Any error messages/details will be highly appreciated. You may also consider submitting a ticket to Plesk Technical Support for a detailed investigation.

    0
    Comment actions Permalink
  • Avatar
    Tim Bertens (Edited )

    Hello Anastasia,

    thanks for the response.  Yes, I found that article before and already did the check.  The common-challenge-dir was already enabled on that host, see first command in screenshot.  But I've enabled it again, the output of the same command did not change however ... now the renewal of those SSL certificates for forwarding domains actually work fine!  Which is confusing, but great ! 

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles