
Question: Let's Encrypt certificate problem

Zoo3

Regular Pleskian
Last summer I used Let's Encrypt as well as Plesk. I have encountered this problem three times since then.

"Could not issue a Let's Encrypt SSL/TLS certificate for DOMAIN" error.


Error: Could not issue a Let's Encrypt SSL/TLS certificate for MY-DOMAIN.

The authorization token is not available at https://MY-DOMAIN/.well-known/acme-challenge/GGGHHHIIIJJJKKK.
The token file '/MY-FULL-PATH/ROOT//.well-known/acme-challenge/GGGHHHIIIJJJKKK' is either unreadable or does not have the read permission.
To resolve the issue, correct the permissions on the token file to make it possible to download it via the above URL.
See the related Knowledge Base article for details.

Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/AAABBBCCCDDDEEEFFF.

Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://MY-DOMAIN/.well-known/acme-challenge/GGGHHHIIIJJJKKK: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"


Since IPv6 can't be used under my contract, the troubleshooting steps in the above error message could not be used.

The solution I found is as follows.
Delete the certificate of the website with the error. Disable SSL/TLS for the website and erase the additional directives. Once I have updated the website settings, delete the .well-known directory. Then restore the settings again. Then install the certificate with the Let's Encrypt module.

I asked a close friend about this symptom. I was told that this was not a Let's Encrypt problem but a problem on the Plesk side (or a problem with the Let's Encrypt plugin in Plesk).

When I first encountered this problem, I didn't know the solution and broke the whole server. This type of problem is very scary.

Is there a way to prevent this authentication problem?

--
CentOS 7.3 / Plesk 17.0.17 update 42
 
Your close friend is wrong. This is neither a Plesk nor a Let's Encrypt issue. It is caused by a .well-known directory that is inaccessible through the web server. This in turn is normally caused by permission errors, directory ownership errors on the parent directory, or rewrite rules that redirect all requests to .well-known or its contents to a different location. It is a very common issue and occurs on bare-bones / do-it-yourself-configured servers too, for example ones using the certbot script.

In order for Let's Encrypt to operate properly you must make sure that the .well-known directory can be written to and read from by the web server. If you encounter the above mentioned error, this is not the case.
 
Thank you for reply.

Since the error message mentioned permissions, I tried changing the permissions and ownership at the very beginning, but that did not solve it.
What should the owner and permissions of the .well-known directory be?
 
Just an elementary question: is the domain working on this server, or is it pointing to another one?
This is a common problem when the domain is pointing to another IP/server and Let's Encrypt is trying to download the authorization file from a nonexistent directory to authorize the request.

Best regards,
Horacio
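The checks described in the two replies above (web-server access to the .well-known path, rewrite rules that swallow it, and the domain's A record pointing at some other server), as an added shell pre-flight script that is not part of this thread, of Plesk, or of its Let's Encrypt extension. It assumes a Linux server with GNU coreutils, curl and getent; the domain example.com, the docroot /var/www/vhosts/example.com/httpdocs and the address 203.0.113.10 in the usage line are placeholders.

```shell
#!/bin/bash
# Added example (not Plesk's or Let's Encrypt's code): pre-flight for an
# HTTP-01 challenge, run as root on the web server itself.
# Usage: ./acme-preflight.sh example.com /var/www/vhosts/example.com/httpdocs 203.0.113.10
# (domain, docroot and server IP above are assumed placeholders)

# Does PATH grant permission bit BIT (4=r, 2=w, 1=x) to "other"? The web
# server runs as its own unprivileged user, so the conservative requirement
# is a world-readable token under world-traversable directories. GNU stat.
other_has() {
    local mode
    mode=$(stat -c %a "$1") || return 1
    [ $(( (mode % 10) & $2 )) -ne 0 ]
}

# Walk from the token file up to TOP (default "/") and report the first
# component the web server could not open; the 403 in the thread comes from
# exactly one of these (token, acme-challenge, .well-known, docroot, parent).
check_challenge_path() {
    local docroot=$1 token=$2 top=${3:-/}
    local file="$docroot/.well-known/acme-challenge/$token" dir
    [ -f "$file" ] || { echo "missing token file: $file"; return 1; }
    other_has "$file" 4 || { echo "token file not world-readable: $file"; return 1; }
    dir=$(dirname "$file")
    while :; do
        other_has "$dir" 1 || { echo "directory not traversable by others: $dir"; return 1; }
        [ "$dir" = "$top" ] || [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
}

# Heuristic for the rewrite-rule cause: an active RewriteRule in the docroot
# .htaccess with no exclusion for .well-known usually routes the challenge
# URL into the application, which then answers 403 or 404.
htaccess_ok() {
    local ht="$1/.htaccess"
    [ -f "$ht" ] || return 0
    grep -qi '^[[:space:]]*RewriteRule' "$ht" || return 0
    grep -qi 'well-known' "$ht" && return 0
    echo "$ht has RewriteRule(s) but no .well-known exclusion; add before them:"
    echo '  RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/'
    return 1
}

# The A record must point at this server, or the CA fetches the token from
# some other machine (Horacio's question above).
resolve_a() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u | tr '\n' ' '; }
addr_matches() {   # addr_matches "space-separated addresses" server_ip
    local a
    for a in $1; do [ "$a" = "$2" ] && return 0; done
    echo "domain resolves to [$1], not $2"
    return 1
}

# Fetch the token the way the CA does: plain HTTP on port 80, following
# redirects. -4 forces IPv4; if the domain also publishes an AAAA record,
# repeat with -6, because Let's Encrypt prefers IPv6 when it is advertised.
probe_challenge() {
    local url="http://$1/.well-known/acme-challenge/$2" body
    body=$(curl -4 -sS -L --max-time 15 "$url") || { echo "fetch failed: $url"; return 1; }
    [ "$body" = "$3" ] || { echo "wrong body from $url: $(printf '%.80s' "$body")"; return 1; }
}

main() {
    local domain=$1 docroot=$2 ip=$3 token dir file rc=0
    dir="$docroot/.well-known/acme-challenge"
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')   # random probe name
    file="$dir/$token"
    mkdir -p "$dir" && printf 'preflight-%s' "$token" > "$file" && chmod 644 "$file" || return 1
    check_challenge_path "$docroot" "$token" && htaccess_ok "$docroot" \
        && addr_matches "$(resolve_a "$domain")" "$ip" \
        && probe_challenge "$domain" "$token" "preflight-$token" || rc=1
    rm -f "$file"                                            # leave nothing behind
    [ $rc -eq 0 ] && echo "OK: $domain can serve HTTP-01 challenges from $docroot"
    return $rc
}

if [ $# -eq 3 ]; then main "$@"; fi
```

Run it before retrying the extension: it drops a random token into .well-known/acme-challenge, checks the mode bits of every directory from / down to that token, looks for a RewriteRule without a .well-known exclusion, compares the A record with the server's address, fetches the token over plain HTTP as the CA would, and removes the token afterwards. The "other" mode bits are the conservative check; a site whose files are readable through the web server's group would also work, so a failure reported there is a lead to confirm against the web server's error log, not proof on its own.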
 