TITLE:
Let's Encrypt issue ( autorenewal + creation ) and SEO-safe 301 redirect
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:Plesk Onyx (and probably all Plesk versions using Let's Encrypt extension)
Let's Encrypt extension 2.2.2
Ubuntu 16.04.2 LTS (issue is platform independent)
PROBLEM DESCRIPTION:Let's Encrypt extension 2.2.2
Ubuntu 16.04.2 LTS (issue is platform independent)
Failure to create or renew Let's Encrypt (SSL) Certificate
Failure occurs when having the
"Permanent SEO-safe 301 redirect from HTTP to HTTPS"
activated under "[Domain] > Hosting settings"
STEPS TO REPRODUCE:Failure occurs when having the
"Permanent SEO-safe 301 redirect from HTTP to HTTPS"
activated under "[Domain] > Hosting settings"
STR TO RECREATE ISSUE:
- activate "Permanent SEO-safe 301 redirect from HTTP to HTTPS"
- create or renew Let's Encrypt certificate
NOTE: it does not matter whether one renews via the extension or under "Domains > [domain] > Let's Encrypt"
STR TO RECREATE SOLUTION (i.e. a work-around/double-check):
- deactive "Permanent SEO-safe 301 redirect from HTTP to HTTPS"
- that's all, the certification processes works as it should
ACTUAL RESULT:- activate "Permanent SEO-safe 301 redirect from HTTP to HTTPS"
- create or renew Let's Encrypt certificate
NOTE: it does not matter whether one renews via the extension or under "Domains > [domain] > Let's Encrypt"
STR TO RECREATE SOLUTION (i.e. a work-around/double-check):
- deactive "Permanent SEO-safe 301 redirect from HTTP to HTTPS"
- that's all, the certification processes works as it should
STR will yield the following error notification:
Unable to obtain Let's Encrypt SSL certificate because of failed challenge for domain "[domain]":
Invalid response from http://[domain]/.well-known/acme-challenge/0dB8yG1VbNY8ZHkoc3KxJYLQdHFtl-ufD3BV_ldtsWw: "<HTML> <HEAD> <TITLE>404 Not Found</TITLE> </HEAD> <BODY> <H1>Not Found</H1> The requested document was not found on this server"
EXPECTED RESULT:Unable to obtain Let's Encrypt SSL certificate because of failed challenge for domain "[domain]":
Invalid response from http://[domain]/.well-known/acme-challenge/0dB8yG1VbNY8ZHkoc3KxJYLQdHFtl-ufD3BV_ldtsWw: "<HTML> <HEAD> <TITLE>404 Not Found</TITLE> </HEAD> <BODY> <H1>Not Found</H1> The requested document was not found on this server"
Let's Encrypt certification processes
- should be indifferent between http or https protocols
- should be aware of the relevant protocol, so any acme-challenge would actually include the correct URL (http when http protocol is activated and https when https is activated)
This should be recoded as such:
1) use the acme-challenge with the https protocol at renewal by default, (and)
2) use the acme-challenge with the http protocol at creation time by default,
OR: use the https protocol by default and use "exception" coding to switch to acme-challenging with the http protocol.
ANY ADDITIONAL INFORMATION:- should be indifferent between http or https protocols
- should be aware of the relevant protocol, so any acme-challenge would actually include the correct URL (http when http protocol is activated and https when https is activated)
This should be recoded as such:
1) use the acme-challenge with the https protocol at renewal by default, (and)
2) use the acme-challenge with the http protocol at creation time by default,
OR: use the https protocol by default and use "exception" coding to switch to acme-challenging with the http protocol.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:Confirm bug