Issue Can't Reload or Cancel Let's Encrypt SSL/TLS Certificate

[jherron]

Server operating system version

CentOS Linux 7.9.2009 (Core)

Plesk version and microupdate number

Obsidian Version 18.0.52

I had an SSL/TLS Certificate installed for a domain but it expired, and then I tried to delete the certificate so I could re-install but when I go to SSL/TLS Certificates in Plesk I can only 'Reload' or 'Cancel'. If I Reload it says:

Your domain is not secured with a valid SSL/TLS сertificate. Order or install it to secure data transfer, credit card transactions, logins, and other personal information.

To secure your domain, order a new certificate from the list below or upload an already purchased certificate.

When I click Cancel, I can click Install and then click Get it Free but it doesn't do anything and when I close the panel it shows the same message I get after clicking 'Reload', so I am stuck in a loop and am not sure what else to do.

My server knowledge is limited. Any help would be greatly appreciated.

 

[Peter Debik]

... and then click Get it Free but it doesn't do anything ...

This should display a page with four checkboxes, where you can select if the "www" and "webmail" subdomain shall be included in the certificate. From your description I understand that you click in "Get it Free", but you are not forwarded to that page. Is that a correct description of the situation?

 

[jherron]

This should display a page with four checkboxes, where you can select if the "www" and "webmail" subdomain shall be included in the certificate. From your description I understand that you click in "Get if Free", but you are not forwarded to that page. Is that a correct description of the situation?

I do get to the page with four checkboxes and the available domain aliases show correctly, but when I go to install it goes to a page I attached.

 

[artalva]

Please send a screenshot of the page that says Reload or Cancel. When it gives you those two options, there's usually an additional step you need to follow before you press Reload. Most commonly this: https://support.plesk.com/hc/en-us/articles/12377005928855

 

[jherron]

This is all I get on the page that says Reload or Cancel, I know the step you are referring too but I never get the page that shows the txt record to add to the DNS before clicking Reload.

 

[jherron]

I installed the cert no problem the first time, but after it expired, I may have done something incorrectly to delete it so I could try the install again.

 

[artalva]

That seems like a broken installation of the SSL It extension. We can troubleshoot more specific issues if you enable debug mode and post the panel logs, but for starters just try to reinstall the SSL It extension: https://support.plesk.com/hc/en-us/articles/12377511962007

That guide above shows how to do it on the web interface. On an SSH terminal, just run these two commands:

 plesk bin extension -u sslit

 plesk bin extension -i sslit

 

[jherron]

I tried running both commands, went to SSL Certificates for [redacted] and tried Install again but it did the same thing.

How do I enable debug log?

Thanks for your help.

 

[dokusch]

I have also exactly the same problem. Worked for a few years and always the TXT record to enter was shown but now I also only see the blue pop up with only the buttons…

 

[jherron]

I just tried another test and then viewed the Plesk section of the Log Browser and found this right after my test...

Domain validation failed for *.[redacted]: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/232495330717.
Details:
Type: urn:ietfarams:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y" found at _acme-challenge.[redacted]

I do have a DNS txt record with the name '_acme-challenge' with a value of 'AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y' so I am not sure what is wrong.

 

[pleskpanel]

I just tried another test and then viewed the Plesk section of the Log Browser and found this right after my test...

Domain validation failed for *.[redacted]: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/232495330717.
Details:
Type: urn:ietfarams:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y" found at _acme-challenge.[redacted]

I do have a DNS txt record with the name '_acme-challenge' with a value of 'AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y' so I am not sure what is wrong.

Looks like your DNS zone is at GoDaddy and you're missing that txt record:

Network Tools: DNS,IP,Email

DNS and Network troubleshooting and diagnostic tools integrated into one sweet interface.

mxtoolbox.com

 

[artalva]

The detail "Incorrect TXT record" means the site is supposed to have a different text record. In other words, the current DNS record is wrong.
Enable debug: https://support.plesk.com/hc/en-us/articles/12377672365975
The panel log is in /var/log/plesk/panel.log After enabling debug, you can check there or in the Log Browser for letsencrypt extension errors, and share them here.