Applicable to:
- Plesk for Linux
Symptoms
- Unable to issue or renew a Let's Encrypt SSL certificate for webmail.example.com at Plesk > example.com > Let's Encrypt with the Secure webmail on this domain checkbox selected. The following warning is shown:
PLESK_WARN: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/mrkuES5ApWYKJEBElh47Ynxp03JmsjoKyADWUO0jbqA.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from https://webmail.example.com/.well-known/acme-challenge/CYt1tP_7l1JsJVWy9iRBN7bCl8PyJyx8lVlSQis9F6c [203.0.113.2]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor="white">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
- Repeating the above steps issues or renews the SSL certificate successfully.
Cause
Let's Encrypt extension bug EXTLETSENC-694, which will be fixed in future product updates.
Resolution
As a workaround, perform the process twice to successfully issue or renew the SSL certificate for the webmail:
- Log in to Plesk.
- Go to Domains > example.com > Let's Encrypt.
- Select the Secure webmail on this domain checkbox and click Renew or OK.
Comments
8 comments
Is there any fix on Obsidian 18.0.23 for this?
@Urban Abode
Hi,
this bug has not been fixed yet. Does the workaround mentioned in the article work for you?
Thanks for the reply. I ended up getting it done but it was not as straightforward as it used to be. The SSL/TLS Certificates show as not secured in the extension and there is no Let's Encrypt extension showing, but the site itself is showing the lock and by all accounts looks like it's working.
Thanks Bulat Tsydenov
The workaround solution did not work.
@Pedro Telmo,
There is a chance that the cause of the issue you've met isn't a bug.
Please check similar articles in the knowledge base.
If nothing works, consider contacting our Tech Support Team.
Hi,
Until the fix we deactivated the wildcard entry.
Hello,
It is true that when using external DNS, it is required to update the TXT record manually to properly install/update a wildcard certificate.
If you want this operation to be done automatically, use Plesk DNS instead.
For the people still experiencing issues with this.
I had the same issue.
Here was my solution:
This most probably happens (not always) when you're using a reverse DNS proxy like Cloudflare.
If you use Cloudflare, follow these steps:
Go to the "Overview"-tab in your Cloudflare dashboard.
Under "Advanced Actions" on the bottom of the sidebar, click on "Pause Cloudflare on Site", then press "Confirm".
Then under "Quick Actions" on the bottom of the sidebar, switch the "Development Mode" option to "On".
Wait a few minutes.
Then try to obtain your new certificate using Plesk.
If successful, turn those options back on.
What this does is: it passes on all requests directly to your webserver and uses Cloudflare only for DNS.
If you want to make sure it doesn't use Cloudflare's cache, you can also click on "Purge Cache" under "Quick Actions" and then click "Purge everything". (Warning: this will most probably increase your server load after you enable Cloudflare again.)