Unable to issue or renew a Let's Encrypt SSL certificate for webmail in Plesk: 403 unauthorized

Follow

Comments

8 comments

  • Avatar
    Urban Abode

    Is there any fix on Obsidian 18.0.23 for this?

     

    0
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    @Urban Abode

    Hi,
    this bug has not been fixed yet. Does the workaround mentioned in the article work for you?

    0
    Comment actions Permalink
  • Avatar
    Urban Abode

    Thanks for the reply. I ended up getting it done but it was not as straight forward as it use to be. The SSL/TLs Certificates show as not secured in the extension and there is no Lets encrypt extension showing but the site its self is showing lock and by all accounts looks like its working.

    Thanks Bulat Tsydenov

     

    0
    Comment actions Permalink
  • Avatar
    Pedro Telmo

    did not work the workaround solution.

    0
    Comment actions Permalink
  • Avatar
    Anzhelika Khapaknysh

    @Pedro Telmo,

    There is a chance, that the cause of the issue you've met isn't a bug.
    Please check similar articles in the knowledge base.

    If nothing works, consider contacting our Tech Support Team.

    0
    Comment actions Permalink
  • Avatar
    Marc

    Hi,

    Just performing an update in Lets Encrypt is not enough at our Enviroment. We use external DNS-Delegation. 
    We would have to renew the TXT entry in the external DNS too, because the previous entry would be invalid.
    We manage more than 150 domains, it would be a lot of work to renew the _acme-challenge entries for all wildcards.
    Until the fix we deactivated the wildcard entry. 
    0
    Comment actions Permalink
  • Avatar
    Ekaterina Babenko

    Hello,
    It is true that when using external DNS to install/update properly wildcard certificate it is required to update TXT record manually.
    If you want this operation to be done automatically use Plesk DNS instead.

    0
    Comment actions Permalink
  • Avatar
    Crypt0maniak

    For the people still experiencing issues with this.
    I had the same issue.

    Here was my solution:

    This most probably happens (not always) when you're using a reverse dns proxy like Cloudflare.
    If you use Cloudflare, follow these steps:

    Go to the "Overview"-tab in your Cloudflare dashboard.
    Under "Advanced Actions" on the bottom of the sidebar click on "Pause Cloudflare on Site", Press "Confirm".
    Then under "Quick Actions" on the bottom of the sidebar switch the "Development Mode" option to "On".
    Wait for about a few minutes.
    Then try to obtain your new certificate using Plesk.
    If successful, turn those options back on.

    What this does, is: It passes on all requests directly to your webserver and uses Cloudflare only for DNS.
    If you want to make sure it doesn't use Cloudflare's cache you can also click on "Purge Cache" under "Quick Actions" and then click "Purge everything" (Warning!: this will most probably increase your server load after you enable Cloudflare again )

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request