• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Can't Reload or Cancel Let's Encrypt SSL/TLS Certificate

J

jherron

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Obsidian Version 18.0.52
I had an SSL/TLS Certificate installed for a domain but it expired, and then I tried to delete the certificate so I could re-install but when I go to SSL/TLS Certificates in Plesk I can only 'Reload' or 'Cancel'. If I Reload it says:

Your domain is not secured with a valid SSL/TLS сertificate. Order or install it to secure data transfer, credit card transactions, logins, and other personal information.

To secure your domain, order a new certificate from the list below or upload an already purchased certificate.

When I click Cancel, I can click Install and then click Get it Free but it doesn't do anything and when I close the panel it shows the same message I get after clicking 'Reload', so I am stuck in a loop and am not sure what else to do.

My server knowledge is limited. Any help would be greatly appreciated.
 
jherron said:
... and then click Get it Free but it doesn't do anything ...
Click to expand...
This should display a page with four checkboxes, where you can select if the "www" and "webmail" subdomain shall be included in the certificate. From your description I understand that you click in "Get it Free", but you are not forwarded to that page. Is that a correct description of the situation?
 
Last edited:
Peter Debik said:
This should display a page with four checkboxes, where you can select if the "www" and "webmail" subdomain shall be included in the certificate. From your description I understand that you click in "Get if Free", but you are not forwarded to that page. Is that a correct description of the situation?
Click to expand...
I do get to the page with four checkboxes and the available domain aliases show correctly, but when I go to install it goes to a page I attached.
 

Attachments

  • Screenshot 2023-05-30 at 2.16.43 PM.png
    Screenshot 2023-05-30 at 2.16.43 PM.png
    398.4 KB · Views: 6
This is all I get on the page that says Reload or Cancel, I know the step you are referring too but I never get the page that shows the txt record to add to the DNS before clicking Reload.
 

Attachments

  • Screenshot 2023-05-30 at 3.10.09 PM.png
    Screenshot 2023-05-30 at 3.10.09 PM.png
    124.1 KB · Views: 9
I installed the cert no problem the first time, but after it expired, I may have done something incorrectly to delete it so I could try the install again.
 
That seems like a broken installation of the SSL It extension. We can troubleshoot more specific issues if you enable debug mode and post the panel logs, but for starters just try to reinstall the SSL It extension: https://support.plesk.com/hc/en-us/articles/12377511962007

That guide above shows how to do it on the web interface. On an SSH terminal, just run these two commands:
Code: 
 plesk bin extension -u sslit
Code: 
 plesk bin extension -i sslit
 
I tried running both commands, went to SSL Certificates for [redacted] and tried Install again but it did the same thing.

How do I enable debug log?

Thanks for your help.
 
Last edited by a moderator:
I have also exactly the same problem. Worked for a few years and always the TXT record to enter was shown but now I also only see the blue pop up with only the buttons…
 
I just tried another test and then viewed the Plesk section of the Log Browser and found this right after my test...

Domain validation failed for *.[redacted]: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/232495330717.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y" found at _acme-challenge.[redacted]

I do have a DNS txt record with the name '_acme-challenge' with a value of 'AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y' so I am not sure what is wrong.
 
Last edited by a moderator:
jherron said:
I just tried another test and then viewed the Plesk section of the Log Browser and found this right after my test...

Domain validation failed for *.[redacted]: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/232495330717.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y" found at _acme-challenge.[redacted]

I do have a DNS txt record with the name '_acme-challenge' with a value of 'AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y' so I am not sure what is wrong.
Click to expand...
Looks like your DNS zone is at GoDaddy and you're missing that txt record:
mxtoolbox.com

Network Tools: DNS,IP,Email

DNS and Network troubleshooting and diagnostic tools integrated into one sweet interface.
mxtoolbox.com mxtoolbox.com
 
Last edited by a moderator:
The detail "Incorrect TXT record" means the site is supposed to have a different text record. In other words, the current DNS record is wrong.
Enable debug: https://support.plesk.com/hc/en-us/articles/12377672365975
The panel log is in /var/log/plesk/panel.log After enabling debug, you can check there or in the Log Browser for letsencrypt extension errors, and share them here.
 
You must log in or register to reply here.

Similar threads

D
Issue can only create webmail certificates
Replies
1
Views
368
deepnpisgah
D
B
Resolved Shared hosting with multiple domains SSL/TLS issues
2
Replies
20
Views
2K
bork
B
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
343
Daiv
D
f0rtem
Question Unable to use SSL unless I expose my IP?
Replies
2
Views
788
f0rtem
f0rtem
Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2
Replies
28
Views
6K
marcoherzog
M
Back
Top