• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Let's encrypt Certs doe not get renewed and cannot be issued

thomas wagner

New Pleskian
Hi to all,
since several days I'm digging around a Certificate problem. We are using a Windows 2019 Server with Plesk Obsedian V18.0.29_build20200807.15

The renewal of the Let's encrypt certs worked like a charm, since no certificate was renewed about 15 days ago.
Whenever a certificate should be renewed (or created) I got the following message (for all of our daomins):
Could not issue an SSL/TLS certificate for <domain>
The authorization token is not available at http://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU.
In the PHP error log:
[2020-08-12 10:29:35] ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/6478172285.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU [92.204.49.53]: "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n<head>\r\n <meta charset=\"utf-8\">\r\n <meta http-equiv=\"x-ua-compatible\" content=\"ie=edge\">\r\n "

[2020-08-12 10:29:35] ERR [extension/sslit] Error happened while certificate processing : <span class='plesk-ext-letsencrypt--ui-problem-adviser-unauthorized-token-is-not-available-error' hidden></span>Could not issue a Let's Encrypt SSL/TLS certificate for <b><domain></b>.
<br/>
<br/>The authorization token is not available at <a href='http://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU' target='_blank'>http://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU</a>.
<br/>To resolve the issue, make sure that the token file can be downloaded via the above URL.
<br/><a href='Plesk Help Center' target='_blank'>See the related Knowledge Base article for details.</a>
<br/><span class='plesk-ext-letsencrypt--details-toggler' data-details-content-id='plesk-ext-letsencrypt--details-content-lb6CsDMagxUrhMgw' onclick='PleskExt.Letsencrypt.toggleCollapsibleDetails(this); return false;'>Details</span><div class='plesk-ext-letsencrypt--details-content' id='plesk-ext-letsencrypt--details-content-lb6CsDMagxUrhMgw' style='display: none'>Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/6478172285.<br />
Details:<br />
Type: urn:ietf:params:acme:error:unauthorized<br />
Status: 403<br />
Detail: Invalid response from http://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU [92.204.49.53]: &quot;&lt;!DOCTYPE html&gt;\r\n&lt;html lang=\&quot;en\&quot;&gt;\r\n&lt;head&gt;\r\n &lt;meta charset=\&quot;utf-8\&quot;&gt;\r\n &lt;meta http-equiv=\&quot;x-ua-compatible\&quot; content=\&quot;ie=edge\&quot;&gt;\r\n &quot;</div><br/>


The token file is generated correctly in both folders:
c:\inetpub\vhosts\<domain>\httpdocs\.well-known\acme-challenge\
c:\Program Files (x86)\Plesk\var\acme-challenge\

When I try to access the token file (or another file in the acme challange directories with https://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU. I get the expected result.

But when I try it with http (http://<domain>/.well-known/acme-challenge/2-rwwaODhSgh6Kqli0110SpRdczjupnN0V6PsqSxGzU. )
I get a 403 - Forbidden message
or
502 - Web server received an invalid response while acting as a gateway or proxy server.
(Depends on the <Domain>)
The credentials are set to anonymouse Access in Plesk and also in the IIS Manager.

I already tried to delete the acme folder, to repair the credentials, disabled/enabled http to https redirection.

Does anybody have an idea?

Regards

Thomas
 
I have the same problem - can't renew a cert - it did use to work seamlessly but no matter what I do I can't reissue a cert due to the same problem you mention above - 403 on the HTTP version of the file but can be viewed via https - I've followed the troubleshooting steps but am at a loss now as to how to fix. How did you resolve in the end?
 
I managed to fix this in the end. Loading up IIS and looking at the directory I just unticked the option to have SSL required. Now certs renew as expected without any problem.
 
I managed to fix this in the end. Loading up IIS and looking at the directory I just unticked the option to have SSL required. Now certs renew as expected without any problem.
I have some issue like this..
I can access https but not http...
What should i do ? I already unticked/ticked the option to have SSL required but it still can't access the http.. do you know why ?
 
Back
Top