Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
A Let's Encrypt certificate installation fails with one of the following error messages:
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
...
Details:
Type: urn:ietf:params:acme:error:orderNotReady
Status: 403
Detail: Order's status ("pending") is not acceptable for finalization
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/order/63114583/905220149.
Details:
Type: urn:ietf:params:acme:error:malformed
Status: 404
Detail: No order for ID 905220149 -
Previously, there was an attempt to install a Let's Encrypt certificate on the same domain, but it failed.
Cause
Product issue:
- #EXTLETSENC-765 "If users face the “No order for ID” error when they renew their SSL/TLS certificates, the extension fixes the error in the background and the users are asked to issue an SSL/TLS certificate once again, which helps in most cases."
Fixed in:- Let’s Encrypt 2.8.5 07 February 2020
Resolution
Workaround
Click on a section to expand
-
Connect to the Plesk server via SSH
-
Search for the JSON file which contains the Let's Encrypt order in the
/usr/local/psa/var/modules/letsencrypt/ordersfolder:# egrep -Ril example.com /usr/local/psa/var/modules/letsencrypt/orders
/usr/local/psa/var/modules/letsencrypt/orders/c92788fed3b07d20e4ad823731285d30f0c88dcb.jsonNote: replace the example.com with the name of the affected domain.
-
Remove the JSON file retrieved with the previous command:
# rm /usr/local/psa/var/modules/letsencrypt/orders/c92788fed3b07d20e4ad823731285d30f0c88dcb.json
-
Connect to the Plesk server via RDP
-
Search for the JSON file which contains the Let's Encrypt order in the
%plesk_dir%var\modules\letsencrypt\ordersfolder:C:\> findstr /M example.com "%plesk_dir%var\modules\letsencrypt\orders\*"
C:\Program Files (x86)\Plesk\var\modules\letsencrypt\orders\1eda6b4e824a9ddcf4d0f43b6b3b9600b76344b6.jsonNote: replace the example.com with the name of the affected domain.
-
Remove the JSON file retrieved with the previous command:
C:\> del "%plesk_dir%var\modules\letsencrypt\orders\1eda6b4e824a9ddcf4d0f43b6b3b9600b76344b6.json"
Comments
8 comments
This bug is really annoying.
I've got several certificates that are (about to) expire.
Running CentOS 7 and resolution doesn't work.
Hello @Tom,
Usually, this workaround works without issues.
If possible, consider creating a support request to us or to our partner, depending on where the license was purchased to check the issue deeper:
https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
Hi Ivan Postnikov, thank you for your response!
Unfortunately Plesk is purchased via a partner (TransIP).
They can't help me either...
I solved it now by removing and reinstalling Let's Encrypt AND SSL It!
Hello Tom Heuts
Glad to hear it's solved.
Also, there's a way to contact Plesk Support directly with licenses purchased from our partners: https://support.plesk.com/hc/en-us/articles/213953025-How-to-get-support-directly-from-Plesk-
¿Como se sabe que fichero json es el que tiene problemas? me salen muchos....
Deleting the existing JSON request didn't work for me, and being concerned about uninstalling the extension I opted to simply disable and reenable the LetsEncrypt extension. Tried reissuing a troublesome certificate afterwards and it worked again.
Hello Shawn K. Hall,
Thank you for sharing, it may be useful for other Pleskians.
Hello Eva Tarín,
The workaround is for domains one by one.
The workaround is to be applied for each domain with such an error.
The search for .json is described in "Resolution" section
Please sign in to leave a comment.