
Resolved Another Letsencrypt Issue

Ken Grammer

New Pleskian
I'm running Plesk Onyx Version 17.5.3 Update #10 on an Ubuntu 16.04 Linode server. The Letsencrypt extension is Version: 2.1.0-48. I've created a new subscription for madgrammer.com but I can't get past the following error when I'm trying to set up the Letsencrypt certificate for the site:

Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://kengrammer.com/.well-known/acme-challenge/oYrHYZaU-rJIni-Y1zXU5kUVNI04KkbQfEPECAKg7Vw: Timeout

I've tried some of the suggestions made in various threads (created AAAA record for IPv6, etc.), but nothing seems to work. I tried manually creating the ./well-known folder and that didn't help.

The log files also don't offer any help.

Anyone have any suggestions?
 
Hi Ken Grammer,

you might consider to start with:

=> Unable to install Let's Encrypt SSL: Invalid response from example.com: 404 Not Found


... and even though you stated:
"The log files also don't offer any help."
pls. consider to POST the corresponding log - file entries for further investigations, and since Let's Encrypt logs into the "panel.log"...

Sometimes, it is as well a good idea to change the log - level ( TEMPORARILY! ), to get more information in Plesk - log - files:

 
I tailed the panel.log file and tried to create the cert and the error displayed at the top of the Plesk screen is the same error written to the log file.

[2017-06-22 23:45:06] ERR [panel] Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://kengrammer.com/.well-known/acme-challenge/w1ozckLiU5HZfhpJ3Hd4gvECgECDi6cTTwqNslb5MCc: Timeout

I then turned on the debugging as requested and I hope I've attached the file with an excerpt from panel.log of the cert creation attempt.

I noticed that the file appears to be created, but then the error is thrown. So now I'm thinking that the problem may be with Linode's DNS manager interfering with the PLESK DNS management... so I wonder if I need to figure out how to have Linode pass DNS management through to Plesk...
 

OK, I have PLESK set up as the slave DNS to Linode's master DNS, but I'm still getting the exact same error. DIG results appear OK.
I've manually created the .well-known/acme-challenge folder and placed a text.txt file there and it can be accessed from the web.

FYI... the domain I'm working with now is www.kengrammer.com.

At this point I'm a bit lost. Anyone have any additional ideas I can try?
 
Hi Ken Grammer,

you don't have a permanent redirect at the moment... just consider to get a valid certificate now again for your domain and pls. report back with the corresponding entries from your "panel.log" afterwards. ;)
 
Hi Ken Grammer,

BEFORE you test again, pls. check again for any possible ".htaccess" - files in your webroot - folder, as I noticed again a redirect from your-domain.com to www.your-domain.com, while checking your latest Let's Encrypt challenge URL. ;)
 
.htaccess looked ok, but I renamed it anyway and tested again. Same results.
Two tests down for this hour... :)

And the redirect was probably me testing. I had turned it on/off to test. I have it set to forward www to kengrammer.com right now.
 
Hi Ken Grammer,

again, just for your understanding and your tests, pls. inspect your "panel.log" ( best with "debug - log - level" - mode) to investigate and to understand what's going on during the certificate issue/validation process. You will save a lot of time this way, as the Let's Encrypt Extension logs ALL its actions to this log. ;)



Additional information:

Sometimes, it is as well a good idea to change the log - level ( TEMPORARILY! ), to get more information in Plesk - log - files:

 
Just as a test, I pointed one of my domains back to my Debian 7.11 server (which is running PHP 5.4.45) and it produces the same error...
 
Wow. Thanks for re-posting that link. I had seen that early on but read it completely wrong. I assumed I MUST have the AAAA record for the IPV6 address, not that I needed to remove it. Once I removed the IPv6 records from the Linode DNS zone, I was able to create the LetsEncrypt certificate.

Now, the secondary problem is that I can't select the "kengrammer.com" preferred domain address. When I do that, I can't get to the web site using either "www.kengrammer.com" or "kengrammer.com". I have to select "none" to get the web site to render in the browser. I assume that would be a separate ticket, I just thought it was worth noting.

I will mark this thread as resolved. What a journey!
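
Added example (not part of the thread and not Plesk or Let's Encrypt code): a pre-flight check for the situation resolved above, where an address published in DNS does not answer on port 80 and the challenge fetch ends in "Timeout". The function names are hypothetical and `example.com` is a placeholder default.

```python
import socket

FAMILIES = {socket.AF_INET: "A/IPv4", socket.AF_INET6: "AAAA/IPv6"}

def resolve(host, port=80):
    """Return {record label: sorted addresses} from the system resolver."""
    found = {}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return found
    for family, _, _, _, sockaddr in infos:
        label = FAMILIES.get(family)
        if label:
            found.setdefault(label, set()).add(sockaddr[0])
    return {k: sorted(v) for k, v in found.items()}

def tcp_open(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, resolver=resolve, probe=tcp_open):
    """List (label, address, reachable) for every address published for host."""
    rows = []
    for label, addrs in sorted(resolver(host).items()):
        for addr in addrs:
            rows.append((label, addr, probe(addr)))
    return rows

def dead_records(rows):
    """Addresses that are published in DNS but do not accept port 80."""
    return [(label, addr) for label, addr, ok in rows if not ok]

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder
    rows = audit(host)
    for label, addr, ok in rows:
        print(f"{label:10} {addr:40} port 80 {'open' if ok else 'NO ANSWER'}")
    for label, addr in dead_records(rows):
        print(f"fix or remove the {label} record for {addr} before requesting the certificate")
```

Run it from a machine outside the server's network that has working IPv6; on an IPv4-only host every AAAA address will show as unreachable regardless of the server's state.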
 