Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
A Let's Encrypt certificate installation fails with one of the following error messages:
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
...
Details:
Type: urn:ietf:params:acme:error:orderNotReady
Status: 403
Detail: Order's status ("pending") is not acceptable for finalization
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/order/63114583/905220149.
Details:
Type: urn:ietf:params:acme:error:malformed
Status: 404
Detail: No order for ID 905220149 -
Previously, there was an attempt to install a Let's Encrypt certificate on the same domain, but it failed.
Cause
Product issue:
- #EXTLETSENC-765 "If users face the “No order for ID” error when they renew their SSL/TLS certificates, the extension fixes the error in the background and the users are asked to issue an SSL/TLS certificate once again, which helps in most cases."
Fixed in:- Let’s Encrypt 2.8.5 07 February 2020
Resolution
Workaround
Click on a section to expand
-
Connect to the Plesk server via SSH
-
Search for the JSON file which contains the Let's Encrypt order in the
/usr/local/psa/var/modules/sslit/ordersfolder:# egrep -Ril example.com /usr/local/psa/var/modules/sslit/orders
/usr/local/psa/var/modules/sslit/orders/c92788fed3b07d20e4ad823731285d30f0c88dcb.jsonNote: replace the example.com with the name of the affected domain.
-
Remove the JSON file retrieved with the previous command:
# rm /usr/local/psa/var/modules/sslit/orders/c92788fed3b07d20e4ad823731285d30f0c88dcb.json
-
Connect to the Plesk server via RDP
-
Search for the JSON file which contains the Let's Encrypt order in the
%plesk_dir%var\modules\sslit\ordersfolder:C:\> findstr /M example.com "%plesk_dir%var\modules\sslit\orders\*"
C:\Program Files (x86)\Plesk\var\modules\sslit\orders\1eda6b4e824a9ddcf4d0f43b6b3b9600b76344b6.jsonNote: replace the example.com with the name of the affected domain.
-
Remove the JSON file retrieved with the previous command:
C:\> del "%plesk_dir%var\modules\sslit\orders\1eda6b4e824a9ddcf4d0f43b6b3b9600b76344b6.json"
Comments
20 comments
This bug is really annoying.
I've got several certificates that are (about to) expire.
Running CentOS 7 and resolution doesn't work.
Hello @Tom,
Usually, this workaround works without issues.
If possible, consider creating a support request to us or to our partner, depending on where the license was purchased to check the issue deeper:
https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
Hi Ivan Postnikov, thank you for your response!
Unfortunately Plesk is purchased via a partner (TransIP).
They can't help me either...
I solved it now by removing and reinstalling Let's Encrypt AND SSL It!
Hello Tom Heuts
Glad to hear it's solved.
Also, there's a way to contact Plesk Support directly with licenses purchased from our partners: https://support.plesk.com/hc/en-us/articles/213953025-How-to-get-support-directly-from-Plesk-
¿Como se sabe que fichero json es el que tiene problemas? me salen muchos....
Deleting the existing JSON request didn't work for me, and being concerned about uninstalling the extension I opted to simply disable and reenable the LetsEncrypt extension. Tried reissuing a troublesome certificate afterwards and it worked again.
Hello Shawn K. Hall,
Thank you for sharing, it may be useful for other Pleskians.
Hello Eva Tarín,
The workaround is for domains one by one.
The workaround is to be applied for each domain with such an error.
The search for .json is described in "Resolution" section
Hola Eva Tarín
igual ya lo has resuelto, pero por si acaso, con el comando
# egrep -Ril [example.com] /usr/local/psa/var/modules/letsencrypt/orders
donde [example.com] debe ser tu dominio, apuntará a un .json.
Después para borrarlo copia la línea que te dió como resultado y ejecuta el comando:
# rm [pegas la línea con el .json]
I used the workaround for Linux for the first domain, deleted the json file, assigned a new lets encrypt certificate und PUH !!! it worked.
Now there are a dozen other domains where the certificate will end during the next weeks. Oha.
Ulrike
Hi @Haessler,
It's not expected that workaround is needed here if you are using the latest Plesk version/update as bug is supposed to be fixed already. So just make sure your server is up to date. If yes, but still issue is not solved on your side and you have to apply the workaround, it worth reporting to our support team.
Hallo Yulia,
thank you for your answer. The error raised on the latest version of Plesk (Version 18.0.28 last month), but the domain was migrated from another Server, I guess this was the reason
the workaround (removing the json file) fixed the issue for me
Today I received an email from our Plesk server (Version 18.0.31 Update #2) with this error. The Let's Encrypt extension version is "2.12.3-676". I see there is an extension update released today (Dec 8 2020). I will install that and see if the error reoccurs.
Help please
Error: Could not issue a Let's Encrypt SSL/TLS certificate for andrey-baugu.ch. Authorization for the domain failed.
Details
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: No valid IP addresses found for andrey-baugu.ch
Andrey Bau the DNS for your domain is not resolving. If DNS does not resolve then NO provider can generate a secure certificate for you. Fix your DNS and then the certificate generation will work.
Good day
I always get this email, I have already deleted the *.json file on all 4 domains (these have even more subdomains), but without success.
What else can I do?
Hello @Marius Degen
This issue is not related to #EXTLETSENC-765 bug which is already fixed.
I can assume that the issue can be related to the fact that you trying to issue the certificate for wildcard domains.
Wildcard domains can not have their own certificates.
Let's Encrypt can not check the necessary record starting with the underscore symbol.
The issue is still not fixed. After running Plesk renew skrip as cron, we have sometime the problem that the checkbox for www-Subdomain is not active. If we renew the certificate perhand Plesk show this Error.
The solution(no finel) is too revoke the current certificate and reinstall it after 5 or more minutes.
Wrong path (orders were in letsenrypt folder, not sslit)
Please sign in to leave a comment.