
Issue Let's Encrypt Not Successful over port 80

Daiv (New Pleskian)

Server operating system version: Ubuntu 22.04.4 LTS
Plesk version and microupdate number: 18.0.59 Update #2
Hello, the Let's Encrypt cert for one of my domains failed to renew automatically and I cannot renew it manually. I get the following error in Plesk when I try to assign the certificate:

Could not issue an SSL/TLS certificate for domain.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for domain.com. Authorization for the domain failed.

Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/333728792367.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: 52.71.31.112: Fetching https://www.domain.com/.well-known/acme-challenge/IMcVNgKNtrCm6fdzjyyHISKCcVh3HaG_2D2NzVVKblE: DNS problem: server failure at resolver looking up A for www.domain.com; DNS problem: server failure at resolver looking up AAAA for www.domain.com

I used Let's Debug and it gave me the following response:

ANotWorking
ERROR
domain.com has an A (IPv4) record (52.71.31.112) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with domain.com/52.71.31.112: Get "https://www.domain.com/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://domain.com/.well-known/acme-challenge/letsdebug-test (using initial IP 52.71.31.112)
@0ms: Dialing 52.71.31.112
@205ms: Server response: HTTP 301 Moved Permanently
@205ms: Received redirect to https://www.domain.com/.well-known/acme-challenge/letsdebug-test
@10001ms: Experienced error: context deadline exceeded

IssueFromLetsEncrypt
ERROR
A test authorization for domain.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
52.71.31.112: Fetching https://www.domain.com/.well-known/acme-challenge/_O2_EUGrR_rahzBUa6NVQNf6iGJD4XURtKfV31Qe02k: DNS problem: server failure at resolver looking up A for www.domain.com; DNS problem: server failure at resolver looking up AAAA for www.domain.com
 
To me it looks like the errors from Let's Debug seem to contradict each other: specifying a DNS/lookup issue, but at the same time successfully accessing the URL and getting redirected. Kinda confusing.

Did the domain get transferred or did DNS records get pointed to another IP? If that's the case, I would suggest waiting till the TTL has expired and trying again later.
 
Hello and thank you for the reply. This is indeed confusing. No changes of any kind were made. The autorenew failed and I became aware of the issue only because of the browser privacy error message. We reviewed the DNS records and could not find anything. We were able to issue a cert for the domain without www - just domain.com, but the www.domain.com is still giving the error. I searched the forums here and elsewhere and I have not found this issue specifically. For example, the "similar threads" listed below are all getting a different error message. I just hope this doesn't happen as my other domains start to auto renew.
 
I'm facing the same issue and nothing has changed on our end either. The only recent update is that Plesk Obsidian was upgraded to a new version. Please post a resolution if/when you have one. Thanks!
 
Hello. We found a solution: The issue was resolved by renaming the .well_known folder in /httpdocs for the website, and reissuing the certificate again.

I do not know why this worked or what caused it in the first place. If I can figure out anything in that regard, I will include that here. But at least those who have a similar problem can try this solution.
 
OK, here is some additional info:

Normally this happens when SEO HTTP to HTTPS redirection is turned on in the first attempt.
In this case just turning it off didn't help; because of that, the whole .well_known folder was renamed.
For the next domains, make sure that option is disabled on the first issue of the certificate and it should be okay.
For reference:
https://support.plesk.com/hc/en-us/articles/12377318940055

I would mark this thread "resolved", but I can't see how that is done.
 
I do not believe that this is the correct solution, because by default Plesk does not store the token inside the website, but in an aliased virtual directory that can also be accessed if the website cannot. Plus, the DNS check clearly shows a DNS error. It might work "accidentally" for some attempts, but not reliably.
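
Added example, not part of any post in this thread and not Plesk or Let's Encrypt code: a small Python parser for the ACME error detail quoted in the first post, showing that the DNS failure is reported for the redirect target www.domain.com and not for domain.com itself. The function name `diagnose` and the report fields are assumptions made for illustration; the sample text is constructed from the error shown above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the ACME problem "Detail" text quoted in the first post.
SAMPLE_DETAIL = (
    "52.71.31.112: Fetching https://www.domain.com/.well-known/acme-challenge/"
    "IMcVNgKNtrCm6fdzjyyHISKCcVh3HaG_2D2NzVVKblE: DNS problem: server failure "
    "at resolver looking up A for www.domain.com; DNS problem: server failure "
    "at resolver looking up AAAA for www.domain.com"
)

FETCH_RE = re.compile(r"Fetching (\S+?):\s")
DNS_RE = re.compile(r"DNS problem: (.+?) looking up (\w+) for ([\w.-]+)")


def diagnose(identifier, detail):
    """Explain an HTTP-01 failure from the identifier and the ACME detail text."""
    report = {"identifier": identifier, "redirected": False,
              "fetched_host": None, "dns_failures": [], "advice": []}
    m = FETCH_RE.search(detail)
    if m:
        url = urlsplit(m.group(1))
        report["fetched_host"] = url.hostname
        # HTTP-01 starts at http://<identifier>/ on port 80; any other scheme
        # or host in the failing URL means the validator followed a redirect.
        report["redirected"] = (url.scheme != "http"
                                or url.hostname != identifier.lower())
    for reason, rtype, host in DNS_RE.findall(detail):
        report["dns_failures"].append((host.lower(), rtype, reason))
    failed_hosts = sorted({h for h, _, _ in report["dns_failures"]})
    for host in failed_hosts:
        if report["redirected"] and host == report["fetched_host"]:
            report["advice"].append(
                f"{identifier} answers on port 80 but redirects to {host}, "
                f"which does not resolve: fix DNS for {host} or stop "
                "redirecting /.well-known/acme-challenge/")
        else:
            report["advice"].append(f"fix DNS resolution for {host}")
    return report


if __name__ == "__main__":
    for key, value in diagnose("domain.com", SAMPLE_DETAIL).items():
        print(f"{key}: {value}")
```
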
 
I don't know what I can say. That was the solution from my trouble ticket on support.plesk.com - I seem to be stuck between the "plesk guru" and the official Plesk Technical Support Engineer. What would you advise I do? Because I certainly don't know more than either of you guys. And he had full access to the server.
 