• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Let's Encrypt issue ( autorenewal + creation ) and SEO-safe 301 redirect

T

trialotto

Golden Pleskian
Plesk Guru
TITLE:
Let's Encrypt issue ( autorenewal + creation ) and SEO-safe 301 redirect
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx (and probably all Plesk versions using Let's Encrypt extension)
Let's Encrypt extension 2.2.2
Ubuntu 16.04.2 LTS (issue is platform independent)
PROBLEM DESCRIPTION:
Failure to create or renew Let's Encrypt (SSL) Certificate

Failure occurs when having the

"Permanent SEO-safe 301 redirect from HTTP to HTTPS"

activated under "[Domain] > Hosting settings"​
STEPS TO REPRODUCE:
STR TO RECREATE ISSUE:
- activate "Permanent SEO-safe 301 redirect from HTTP to HTTPS"
- create or renew Let's Encrypt certificate

NOTE: it does not matter whether one renews via the extension or under "Domains > [domain] > Let's Encrypt"

STR TO RECREATE SOLUTION (i.e. a work-around/double-check):
- deactive "Permanent SEO-safe 301 redirect from HTTP to HTTPS"
- that's all, the certification processes works as it should​
ACTUAL RESULT:
STR will yield the following error notification:

Unable to obtain Let's Encrypt SSL certificate because of failed challenge for domain "[domain]":
Invalid response from http://[domain]/.well-known/acme-challenge/0dB8yG1VbNY8ZHkoc3KxJYLQdHFtl-ufD3BV_ldtsWw: "<HTML> <HEAD> <TITLE>404 Not Found</TITLE> </HEAD> <BODY> <H1>Not Found</H1> The requested document was not found on this server"​
EXPECTED RESULT:
Let's Encrypt certification processes

- should be indifferent between http or https protocols
- should be aware of the relevant protocol, so any acme-challenge would actually include the correct URL (http when http protocol is activated and https when https is activated)

This should be recoded as such:

1) use the acme-challenge with the https protocol at renewal by default, (and)
2) use the acme-challenge with the http protocol at creation time by default,

OR: use the https protocol by default and use "exception" coding to switch to acme-challenging with the http protocol.​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
You must log in or register to reply here.

Similar threads

R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
987
Robin McDermott
R
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
1K
mendip_discovery
M
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
2K
HungLuu
H
R
Issue Let's Encrypt Error 400 on every domain
Replies
1
Views
790
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top