• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Let's encrypt certificate problem

Z

Zoo3

Regular Pleskian
Last summer I used Let's encrypt as well as Plesk. I have encountered this problem three times since then.

"Could not issue a Let's Encrypt SSL/TLS certificate for DOMAIN" error.


Error: Could not issue a Let's Encrypt SSL/TLS certificate for MY-DOMAIN.

The authorization token is not available at https://MY-DOMAIN/.well-known/acme-challenge/GGGHHHIIIJJJKKK.
The token file '/MY-FULL-PATH/ROOT//.well-known/acme-challenge/GGGHHHIIIJJJKKK' is either unreadable or does not have the read permission.
To resolve the issue, correct the permissions on the token file to make it is possible to download it via the above URL.
See the related Knowledge Base article for details.

Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/AAABBBCCCDDDEEEFFF.

Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://MY-DOMAIN/.well-known/acme-challenge/GGGHHHIIIJJJKKK: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"​


Since IPv6 can't be used under my contract, troubleshooting in the above error sentence couldn't be used.

The solution I found is as follows.
Delete error website certificate. Invalid use of SSL/TLS of website, erase additional directive. Once I update the website settings. And delete the .well-known directory. Then restore the setting again. Then install the certificate with Let's Encrypt module.

I asked my close friend this symptom. It was said that this was not a Let's Encrypt but a problem on Plesk side (or a problem with Let's Encrypt plugin in Plesk).

When I first encountered this problem, I didn't know the solution and broke the whole server. This type of problem is very scary.

Is there a way to prevent this authentication problem?

--
CentOS 7.3 / Plesk 17.0.17 update 42
 
Your close friend is wrong. This is neither a Plesk, nor Let's Encrypt issue. It is caused by an inaccessible .well-known directory through the web server. This again is normally caused by either permission errors, directory ownership errors on the parent directory or by rewrite rules that are redirecting all requests to ./well-known or its contents to a different location. It is a very common issue and occurs on bare bone / do-it-yourself-configured servers, too, that are for example using the certbot script.

In order for Let's Encrypt to operate properly you must make sure that the .well-known directory can be written to and read from by the web server. If you encounter the above mentioned error, this is not the case.
 
Thank you for reply.

Since I was writing permission in the error sentence, I attempted to change permission and ownership at the very beginning, but it was not able to solve as a result.
What owner and permission of the .well-known directory should be?
 
Just an elemental question: the domain is working on this server or is pointing to other?
This is a common problem when the domain is pointing to other ip/server and Let's encrypt trying to download the auth from a inexistent directory to authorize this request.

Best regards,
Horacio
 
You must log in or register to reply here.

Similar threads

D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
345
Daiv
D
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
2K
Peter Debik
P
J
Issue Error when renewing SSL certificate
Replies
1
Views
500
Peter Debik
P
D
Issue Automatic renewal via SSLit doesn't work for wildcard certificates
Replies
0
Views
488
D3nnis3n
D
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
261
Azurel
Azurel
Back
Top