• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Can't Reload or Cancel Let's Encrypt SSL/TLS Certificate

jherron

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Obsidian Version 18.0.52
I had an SSL/TLS Certificate installed for a domain but it expired, and then I tried to delete the certificate so I could re-install but when I go to SSL/TLS Certificates in Plesk I can only 'Reload' or 'Cancel'. If I Reload it says:

Your domain is not secured with a valid SSL/TLS сertificate. Order or install it to secure data transfer, credit card transactions, logins, and other personal information.

To secure your domain, order a new certificate from the list below or upload an already purchased certificate.

When I click Cancel, I can click Install and then click Get it Free but it doesn't do anything and when I close the panel it shows the same message I get after clicking 'Reload', so I am stuck in a loop and am not sure what else to do.

My server knowledge is limited. Any help would be greatly appreciated.
 
... and then click Get it Free but it doesn't do anything ...
This should display a page with four checkboxes, where you can select if the "www" and "webmail" subdomain shall be included in the certificate. From your description I understand that you click in "Get it Free", but you are not forwarded to that page. Is that a correct description of the situation?
 
Last edited:
This should display a page with four checkboxes, where you can select if the "www" and "webmail" subdomain shall be included in the certificate. From your description I understand that you click in "Get if Free", but you are not forwarded to that page. Is that a correct description of the situation?
I do get to the page with four checkboxes and the available domain aliases show correctly, but when I go to install it goes to a page I attached.
 

Attachments

  • Screenshot 2023-05-30 at 2.16.43 PM.png
    Screenshot 2023-05-30 at 2.16.43 PM.png
    398.4 KB · Views: 7
This is all I get on the page that says Reload or Cancel, I know the step you are referring too but I never get the page that shows the txt record to add to the DNS before clicking Reload.
 

Attachments

  • Screenshot 2023-05-30 at 3.10.09 PM.png
    Screenshot 2023-05-30 at 3.10.09 PM.png
    124.1 KB · Views: 10
I installed the cert no problem the first time, but after it expired, I may have done something incorrectly to delete it so I could try the install again.
 
That seems like a broken installation of the SSL It extension. We can troubleshoot more specific issues if you enable debug mode and post the panel logs, but for starters just try to reinstall the SSL It extension: https://support.plesk.com/hc/en-us/articles/12377511962007

That guide above shows how to do it on the web interface. On an SSH terminal, just run these two commands:
Code:
 plesk bin extension -u sslit
Code:
 plesk bin extension -i sslit
 
I tried running both commands, went to SSL Certificates for [redacted] and tried Install again but it did the same thing.

How do I enable debug log?

Thanks for your help.
 
Last edited by a moderator:
I have also exactly the same problem. Worked for a few years and always the TXT record to enter was shown but now I also only see the blue pop up with only the buttons…
 
I just tried another test and then viewed the Plesk section of the Log Browser and found this right after my test...

Domain validation failed for *.[redacted]: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/232495330717.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y" found at _acme-challenge.[redacted]

I do have a DNS txt record with the name '_acme-challenge' with a value of 'AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y' so I am not sure what is wrong.
 
Last edited by a moderator:
I just tried another test and then viewed the Plesk section of the Log Browser and found this right after my test...

Domain validation failed for *.[redacted]: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/232495330717.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y" found at _acme-challenge.[redacted]

I do have a DNS txt record with the name '_acme-challenge' with a value of 'AiUQ9L4pCpRVXipG8BAhvkwn8U5kDbTj8AHQAh41Y6Y' so I am not sure what is wrong.
Looks like your DNS zone is at GoDaddy and you're missing that txt record:
 
Last edited by a moderator:
The detail "Incorrect TXT record" means the site is supposed to have a different text record. In other words, the current DNS record is wrong.
Enable debug: https://support.plesk.com/hc/en-us/articles/12377672365975
The panel log is in /var/log/plesk/panel.log After enabling debug, you can check there or in the Log Browser for letsencrypt extension errors, and share them here.
 
Back
Top