• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue .well-known/acme-challenge 403 forbidden

A

assist bss

New Pleskian
Environment: Plesk Onyx 17.8.11 Update #54
OS: Debian 8.11 64bit

In order to exclude problem with letsencrypt, I just created .well-known/acme-challenge/index.html.
If I try to access from browser I get 403 forbidden

The problem is not related to permission or nginx directive, indeed if I just rename acme-challenge to anything else I can reach index.html from browser. To be clearer:

mydomain.com/.well-known/acme2-challenge works
mydomain.com/.well-known/acme-challenge doesn't

I can just access to everything inside .well-known except acme-challenge folder.

Nginx directives related to .well-known/acme-challenge is just ignored

Here is my nginx directives configuration:

location ~ /.well-known {
allow all;
}

Also tried


location ~ /.well-known/acme-challenge {
allow all;
}
 
"In order to exclude problem with letsencrypt, I just created .well-known/acme-challenge/index.html."

What is the issue with Letsencrypt? Why do you have to create these files/folder manually?

 
Before installation I emptied httpdocs, then I recreated manually .well-known/acme-challenge from plesk filemanager.

The problem with letsencrypt is 403 trying access to .well-known/acme-challenge/{challenge} during challenge, but in other plesk installations I just need this location directive:

location ~ /.well-known {
allow all;
}

But in this case is not enough.

Actually, access to acme-challenge is forbidden from browser, the same folder renamed (same permissions, same location, same owner, same group) become accessible. To try this I just created an index.html file under .well-known/acme2-challenge (originally was .well-kwnown/acme-challenge) and I can reach it without any problem.

Using letsencrypt integrated with plesk works, but I need to use a custom script that update certificate, associate it to a subscription on plesk and update jboss keystore. I use the same script on at least 5 vps with plesk 17 and 10 vps with plesk 12 for an amount of 40 virtual hosts.
The only strange behaviour I noticed on this specific vps is the forbidden access to acme-challenge folder.
 
Last edited:
I've no deny directives to remove. Here is my configuration:

NEVCaD9.png
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
J.Wick
Let's Encrypt Directives Left Over in NGINX.conf when moving to other SSL options.
Replies
6
Views
3K
scsa20
scsa20
S
Question acme-challenge folder is not accessible
Replies
2
Views
6K
serg499
S
Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
401
yfain
Y
P
Resolved Could not issue/renew Let`s Encrypt certificates for admin
Replies
7
Views
4K
hello_world.c
H
Back
Top