Issue Let's encrypt not issuing SSL (authorisation token is not available)

[mudassar]

Server operating system version

windows server 2022

Plesk version and microupdate number

obsidian 18.0.47

Hi,
So I was perfectly able to get SSL on my first few domains. However suddenly when I try and issue an SSL cert, plesk does not show me the Key to add to the DNS. It directly goes to the error
"The authorization token is not available at http://.co.uk/.well-known/acme-challenge/wosJEPZj_PIDgyjl71ogFlAEJOF3Ev-7WI9e3js-jKk.
To resolve the issue, make sure that the token file can be downloaded via the above URL."

When I take the key at the end of the URL and add it in my DNS, trying to be smart, when I click 'get it free' the error is back, but with a NEW key.

I am being set up to fail, it is asking for a key in the DNS that it hasn't even told me yet.

what is the resolution to this?

 

[Peter Debik]

I'd assume that the domain is not routed to the webspace correctly. It will probably end up somewhere else. For that reason the acme-files cannot be read. Please check meticulously to which IP the domain resolves and if your web server is reacting correctly on the domain name, routing traffic into exactly that document root where you are trying to configure SSL.

 

[mudassar]

You are correct in that up until yesterday the website was hosted on another Plesk server. However, the website runs an SPA and when I moved the domain over to this server it came up with an error until I correctly deployed the app. So it is definitely pointing in the right direction and working as needed.

To test this issue further, I have assigned the new server as the NS for another domain, which is now correctly working, however I receive the same issue when trying to issue an SSL cert.

 

[mudassar]

I'd assume that the domain is not routed to the webspace correctly. It will probably end up somewhere else. For that reason the acme-files cannot be read. Please check meticulously to which IP the domain resolves and if your web server is reacting correctly on the domain name, routing traffic into exactly that document root where you are trying to configure SSL.

On your advise I decided to go through this all with a fine tooth comb.
The error says make sure that this file is downloadable:
http://DOMAIN.co.uk/.well-known/acme-challenge/f_WOX_GUztVW8yWkT2-714WALZuoDL2kCwI_tLbs_3U.

However in D:/Plesk/vhosts/domain/ there is no .well-known folder. So I am guessing this is the issue and needs resolving?

 

[Peter Debik]

I think that is correct, because the .well-known directory is located as a virtual directory outside the domain directories. You should be able to see a configuration entry in the web server configuration of that domain. Also, regarding your initial post, have you maybe set-up your other domains with SSL wildcard certificates and only this one with a single-domain-certificate? It can make a difference in handling, because for wildcard certificates a key needs to be entered into DNS, but for single-domain-certs it does not, but uses a token file instead.

 

[mudassar]

When I click 'SSL/TLS certificates' under 'Security' and then 'install free basic certificate prvided by let's encrypt' on the next page, I then select all of the boxes, including "
Secure the wildcard domain (including www and webmail)
*.Domain.co.uk"

 

[mudassar]

To be honest with you, I have never added SSL certificates in any other way than adding the _acme-challange value in the DNS. So I am unsure of the process.

 

[scsa20]

Hi there, please make sure you are selecting to issue a wildcard cert otherwise it will not give you the DNS entry to use.