• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Installing Let's Encrypt Certificate Fails

G

gbotica

Regular Pleskian
Hi,
I am migrating a bunch of sites from Plesk 12.0.18 to Onyx (latest). All has gone well, using Plesk Migrator.

However, I have one site that won't let me install a Let's Encrypt Certificate (worked OK for all others). This site has a GeoTrust certificate installed. The cert was successfully transferred as a result of the migration, but if I try and replace it with a Let's Encrpyt certificate I get the following message in the Plesk UI:

Code: 
Error: Could not issue a Let's Encrypt SSL/TLS certificate for AAAAAA.co.nz. Authorization for the domain failed.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/8Vpupdn9CxoYpMyebl43YBbJzcRW1VoNlGt46DUy3hw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://BBBB.BBBBB.co.nz:8443: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8443

Weird thing is .. the "Detail: Fetching https://BBBB.BBBBB.co.nz ... " URL is for the Plesk Panel, from the old server that it was migrated from. For some reason the Let's Encrpyt install script is trying the verify the old Plesk Panel URL, instead of the URL for the actual site.

Presumably, I can fix this by editing something in the psa database?

Any help appreciated.

Thanks.
 
Hi gbotica,

Is the domain accessible from the internet? the domain is not password protected, right? The Let's Encrypt api needs to have access to the domain to perform the certificate generation process.
 
garcue said:
Hi gbotica,

Is the domain accessible from the internet? the domain is not password protected, right? The Let's Encrypt api needs to have access to the domain to perform the certificate generation process.
Click to expand...

Hi, yes -- accessible from the internet and no password protection. There was an Apache rewrite to redirect port 80 to https. I had tried disabling it previously, but didn't have any result.

However, I just tried again and it worked!

Awesome -- thanks for your help.

FYI, here's the rewrite I disabled:

Code: 
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://BBB.BBBBBBBB.co.nz/$1 [R,L]
</IfModule>
 
Actually... just realised what the problem was. I was also including a domain alias in the Let's Encrypt certificate and the A record for that domain still points to the old server. Doh!

Solved. Thanks for your assistance.
 
You must log in or register to reply here.

Similar threads

R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
987
Robin McDermott
R
J
Issue Let's encrypt for Plesk cannot be renewed status 500
Replies
1
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
C
Resolved Plesk Login for Customers over Subdomain with Certificate.
Replies
2
Views
1K
cpulove
C
S
Question Secure the plesk with SSL fails
Replies
9
Views
613
Shorty
S
Back
Top