• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Installing Let's Encrypt Certificate Fails

gbotica

Regular Pleskian
Hi,
I am migrating a bunch of sites from Plesk 12.0.18 to Onyx (latest). All has gone well, using Plesk Migrator.

However, I have one site that won't let me install a Let's Encrypt Certificate (worked OK for all others). This site has a GeoTrust certificate installed. The cert was successfully transferred as a result of the migration, but if I try and replace it with a Let's Encrpyt certificate I get the following message in the Plesk UI:

Code:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for AAAAAA.co.nz. Authorization for the domain failed.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/8Vpupdn9CxoYpMyebl43YBbJzcRW1VoNlGt46DUy3hw.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://BBBB.BBBBB.co.nz:8443: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8443

Weird thing is .. the "Detail: Fetching https://BBBB.BBBBB.co.nz ... " URL is for the Plesk Panel, from the old server that it was migrated from. For some reason the Let's Encrpyt install script is trying the verify the old Plesk Panel URL, instead of the URL for the actual site.

Presumably, I can fix this by editing something in the psa database?

Any help appreciated.

Thanks.
 
Hi gbotica,

Is the domain accessible from the internet? the domain is not password protected, right? The Let's Encrypt api needs to have access to the domain to perform the certificate generation process.
 
Hi gbotica,

Is the domain accessible from the internet? the domain is not password protected, right? The Let's Encrypt api needs to have access to the domain to perform the certificate generation process.

Hi, yes -- accessible from the internet and no password protection. There was an Apache rewrite to redirect port 80 to https. I had tried disabling it previously, but didn't have any result.

However, I just tried again and it worked!

Awesome -- thanks for your help.

FYI, here's the rewrite I disabled:

Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://BBB.BBBBBBBB.co.nz/$1 [R,L]
</IfModule>
 
Actually... just realised what the problem was. I was also including a domain alias in the Let's Encrypt certificate and the A record for that domain still points to the old server. Doh!

Solved. Thanks for your assistance.
 
Back
Top