• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Installing Let's Encrypt Certificate Fails

G

gbotica

Regular Pleskian
Hi,
I am migrating a bunch of sites from Plesk 12.0.18 to Onyx (latest). All has gone well, using Plesk Migrator.

However, I have one site that won't let me install a Let's Encrypt Certificate (worked OK for all others). This site has a GeoTrust certificate installed. The cert was successfully transferred as a result of the migration, but if I try and replace it with a Let's Encrpyt certificate I get the following message in the Plesk UI:

Code: 
Error: Could not issue a Let's Encrypt SSL/TLS certificate for AAAAAA.co.nz. Authorization for the domain failed.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/8Vpupdn9CxoYpMyebl43YBbJzcRW1VoNlGt46DUy3hw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://BBBB.BBBBB.co.nz:8443: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8443

Weird thing is .. the "Detail: Fetching https://BBBB.BBBBB.co.nz ... " URL is for the Plesk Panel, from the old server that it was migrated from. For some reason the Let's Encrpyt install script is trying the verify the old Plesk Panel URL, instead of the URL for the actual site.

Presumably, I can fix this by editing something in the psa database?

Any help appreciated.

Thanks.
 
Hi gbotica,

Is the domain accessible from the internet? the domain is not password protected, right? The Let's Encrypt api needs to have access to the domain to perform the certificate generation process.
 
garcue said:
Hi gbotica,

Is the domain accessible from the internet? the domain is not password protected, right? The Let's Encrypt api needs to have access to the domain to perform the certificate generation process.
Click to expand...

Hi, yes -- accessible from the internet and no password protection. There was an Apache rewrite to redirect port 80 to https. I had tried disabling it previously, but didn't have any result.

However, I just tried again and it worked!

Awesome -- thanks for your help.

FYI, here's the rewrite I disabled:

Code: 
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://BBB.BBBBBBBB.co.nz/$1 [R,L]
</IfModule>
 
Actually... just realised what the problem was. I was also including a domain alias in the Let's Encrypt certificate and the A record for that domain still points to the old server. Doh!

Solved. Thanks for your assistance.
 
You must log in or register to reply here.

Similar threads

D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
334
Daiv
D
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
2K
Peter Debik
P
D
Issue Automatic renewal via SSLit doesn't work for wildcard certificates
Replies
0
Views
483
D3nnis3n
D
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
256
Azurel
Azurel
W
Issue Trying in issue SSL for domain name
Replies
1
Views
609
Peter Debik
P
Back
Top