• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Another Letsencrypt Issue

Ken Grammer

Ken Grammer

New Pleskian
I'm running Plesk Onyx Version 17.5.3 Update #10 on a Ubuntu 16.04 Linode server. The Letsencrypt extension is Version: 2.1.0-48. I've created a new subscription for madgrammer.com but I can't get past the following error when I'm trying to set up the Letsencrypt certificate for the site:

Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://kengrammer.com/.well-known/acme-challenge/oYrHYZaU-rJIni-Y1zXU5kUVNI04KkbQfEPECAKg7Vw: Timeout

I've tried some of the suggestions made in various threads (created AAAA record for IPv6, etc.), but nothing seems to work. I tried manually creating the ./well-known folder and that didn't help.

The log files also don't offer any help.

Anyone have any suggestions?
 
Last edited:
Hi Ken Grammer,

you might consider to start with:

=> Unable to install Let's Encrypt SSL: Invalid response from example.com: 404 Not Found


... and even that you stated:
Ken Grammer said:
The log files also don't offer any help.
Click to expand...
pls. consider to POST the corresponding log - file entries for further investigations, and since Let's Encrypt logs into the "panel.log"...

Sometimes, it is as well a good idea to change the log - level ( TEMPORARILY! ), to get more informations in Plesk - log - files:

 
I tailed the panel.log file and tried to create the cert and the error displayed at the top of the Plesk screen is the same error written to the log file.

[2017-06-22 23:45:06] ERR [panel] Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://kengrammer.com/.well-known/acme-challenge/w1ozckLiU5HZfhpJ3Hd4gvECgECDi6cTTwqNslb5MCc: Timeout

I then turned on the debugging as requested and I hope I've attached the file with an excerpt from panel.log of the cert creation attempt.

I noticed that the file appears to be created, but then the error is thrown. So now I'm thinking that the problem may be with Linode's DNS manager interfering with the PLESK DNS management... so I wonder if I need to figure out how to have Linode pass DNS management through to Plesk...
 

Attachments

  • pleskCertIssue.txt
    162.1 KB · Views: 4
Last edited:
OK, I have PLESK set up as the slave DNS to Linode's master DNS, but I'm still getting the exact same error. DIG results appear OK.
I've manually created the .well-known/acme-challenge folder and placed a text.txt file there and it can be accessed from the web.

FYI... the domain I'm working with now is www.kengrammer.com.

At this point I'm a bit lost. Anyone have any additional ideas I can try?
 
Hi Ken Grammer,

you don't have a permanent redirect at the moment... just consider to get a valid certificate now again for your domain and pls. report back with the corresponding entries from your "panel.log" afterwards. ;)
 
Hi Ken Grammer,

BEFORE you test again, pls. check again for any possible ".htaccess" - files in your webroot - folder, as I noticed again a redirect from your-domain.com to www.your-domain.com, while checking your latest Let's Encrypt challenge URL. ;)
 
.htaccess looked ok, but I renamed it anyway and tested again. Same results.
Two tests down for this hour... :)

And the redirect was probably me testing. I had turned it on/off to test. I have it set to forward www to kengrammer.com right now.
 
Hi Ken Grammer,

again, just for your understanding and your tests, pls. inspect your "panel.log" ( best with "debug - log - level" - mode) to investigate and to understand what's going on during the certificate issue/validation process. You will save a lot of time this way, as the Let's Encrypt Extension logs ALL it's actions to this log. ;)



Additional informations:


Sometimes, it is as well a good idea to change the log - level ( TEMPORARILY! ), to get more informations in Plesk - log - files:

 
Just as a test, I pointed one of my domains back to my Debian 7.11 server (which is running PHP 5.4.45) and it produces the same error...
 
Wow. Thanks for re-posting that link. I had seen that early on but read it completely wrong. I assumed a MUST have the AAAA record for the IPV6 address, not that I needed to remove it. Once I removed the IPv6 records from the Linode DNS zone, I was able to create the LetsEncrypt certificate.

Now, the secondary problem is that I can't select the "kengrammer.com" preferred domain address. When I do that, I can't get to the web site using either "www.kengrammer.com" or "kengrammer.com". I have to select "none" to get the web site to render in the browser. I assume that would be a separate ticket, I just thought it was worth noting.

I will mark this thread as resolved. What a journey!
 
You must log in or register to reply here.

Similar threads

D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
293
Daiv
D
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
2K
Peter Debik
P
hansitheking
Resolved Let's Encrypt: Timeout during connect (likely firewall problem)
Replies
4
Views
5K
trialotto
T
Nicola Urbinati
Resolved Let'Encrypt SSL not issued
Replies
2
Views
2K
Nicola Urbinati
Nicola Urbinati
T
Issue Unable to install Let's Encrypt certificate for temporary domain
Replies
5
Views
2K
Peter Debik
P
Back
Top