
Issue [Lets Encrypt] Renewal fails for 1 of 6 domains?

Puma7

New Pleskian
Hi,
I get the following error:

Code:
[2019-04-10 03:42:12.063] ERR [extension/letsencrypt] Domain validation failed for domain.de: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Mss0qTpZoML0uJA4t4EebefMwTOwM6DfyMAWQGKN7Mw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ: Error getting validation data
[2019-04-10 03:42:12.080] ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Mss0qTpZoML0uJA4t4EebefMwTOwM6DfyMAWQGKN7Mw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ: Error getting validation data
[2019-04-10 03:42:12.107] ERR [extension/letsencrypt] Failed to renew certificate of domain 'domain.de': Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Mss0qTpZoML0uJA4t4EebefMwTOwM6DfyMAWQGKN7Mw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ: Error getting validation data

I already tried several things and found out that only one of the 6 domains on the same server was affected.

Right now my best bet is that the CDN which is in front of the site either blocks the connection, or the redirect at the CDN from domain.de to www.domain.de is an issue for Let's Encrypt.

My hope is that someone has further input to this issue :)
 
Did you mean "Web Hosting Access -> IPv6 address -> none"? If so, then yes, IPv6 was disabled the whole time.

In between I also switched servers from Debian to Ubuntu. But if the rest works I don't see why only one domain should fail.
 
Normally the 400 error means that Let's Encrypt cannot read the token to validate the domain. Try to open the file manually in a browser.
Code:
https://domain.de/.well-known/acme-challenge/paMRlBU1WoiI-jTxGrfrf8DkZG5eoMvMVodHCLo6HaQ
The URL is only an example taken from your 400 error message. The token file changes from attempt to attempt, so this is only an example.

If this works, then it is most likely an issue with the IPv6 configuration, because Let's Encrypt will first try an IPv6 route. Other issues can include caching (however, in that case the browser should not display the token either).
 
It's strange.

I can get the token via browser, so Let's Encrypt should also get a connection.
Then the last option is that something between my server and Let's Encrypt blocks the connection. I use Incapsula as the CDN for this site. In the Incapsula logs I can't see any blocked attempts.

Is Let's Encrypt fixed on domain.de, or does www.domain.de also work?
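
Added example, not part of any post in this thread: a Python parser that groups `[extension/letsencrypt]` errors, in the log format shown in the first post, by failing host, so a single failing domain among several stands out along with its ACME error type and challenge URL. The sample log is constructed, with a placeholder authz id and token.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log quoted in the first post.
SAMPLE_LOG = """\
[2019-04-10 03:42:12.063] ERR [extension/letsencrypt] Domain validation failed for domain.de: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/EXAMPLE-AUTHZ.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/EXAMPLE-TOKEN: Error getting validation data
[2019-04-10 03:42:12.107] ERR [extension/letsencrypt] Failed to renew certificate of domain 'domain.de': Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/EXAMPLE-AUTHZ.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://domain.de/.well-known/acme-challenge/EXAMPLE-TOKEN: Error getting validation data
"""

HEADER = re.compile(r"^\[(?P<ts>[\d\- :.]+)\] ERR \[extension/letsencrypt\] (?P<msg>.*)$")
FIELD = re.compile(r"^(Type|Status|Detail): (.*)$")
CHALLENGE = re.compile(r"https?://(?P<host>[^/\s]+)/\.well-known/acme-challenge/(?P<token>[\w-]+)")

def parse_entries(text):
    """Split the log into entries: one header line plus its Type/Status/Detail fields."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"ts": m["ts"], "msg": m["msg"]}
            entries.append(current)
        elif current is not None and (f := FIELD.match(line)):
            current[f[1].lower()] = f[2]
    return entries

def failed_challenges(text):
    """Map each failing host to the distinct (ACME error type, status, challenge URL) seen."""
    result = defaultdict(set)
    for e in parse_entries(text):
        c = CHALLENGE.search(e.get("detail", ""))
        if c:
            result[c["host"]].add((e.get("type"), int(e.get("status", 0)), c[0]))
    return {host: sorted(v) for host, v in result.items()}

if __name__ == "__main__":
    for host, failures in failed_challenges(SAMPLE_LOG).items():
        for acme_type, status, url in failures:
            print(f"{host}: {acme_type} (HTTP {status}) while fetching {url}")
```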
 