• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue pki-validation folder returns 404 on new server

M

MarkDale

New Pleskian
Hello Folks,

I have just migrated to a new Plesk Obsidian server.
All is going well except when I try to browse to any file in the /.well-known/pki-validation/ folder I get a 404 error.
Files in /.well-known/ load fine.
The errors in the Logs are below
1639304796181.png

The behaviour is the same across all sites in all subscriptions - so I assume is some server configuration / permission setting that I have missed - but can't find anything in settings or any related problems on chat forums.

Any help sincerely welcome.

Thanks!
 
@Jose Isla ,

It may look foolish but,
would you please try to create the same verification file under/var/www/vhosts/default/htdocs/.well-known/pki-validation/youfile.txt and try to verify it once again?

Note: If the folder does not exist /var/www/vhosts/default/htdocs/.well-known/pki-validation please crete it

root cause: use-common-challenge-dir
 
Many thanks for teh response - I will test it shortlly
elseone_arvind said:
@Jose Isla ,

It may look foolish but,
would you please try to create the same verification file under/var/www/vhosts/default/htdocs/.well-known/pki-validation/youfile.txt and try to verify it once again?

Note: If the folder does not exist /var/www/vhosts/default/htdocs/.well-known/pki-validation please crete it

root cause: use-common-challenge-dir
Click to expand...

Many thanks for the response, I will test it shortly.

It seems to present a challenge, as not all site owners will have access to this directory.

I notice the comment at the foot of your reply that states root cause: use-common-challenge-dir

From my limited research this seems to be a Let's Encrypt setting - which I imagine would affect the acme-challenge directory.

Could it affect the pki-validation directory as well? And should we be finding this setting and changing it to false?

Many thanks again for your help with this

Mark
 
MarkDale said:
Hello Folks,

I have just migrated to a new Plesk Obsidian server.
All is going well except when I try to browse to any file in the /.well-known/pki-validation/ folder I get a 404 error.
Files in /.well-known/ load fine.
The errors in the Logs are below
View attachment 19898

The behaviour is the same across all sites in all subscriptions - so I assume is some server configuration / permission setting that I have missed - but can't find anything in settings or any related problems on chat forums.

Any help sincerely welcome.

Thanks!
Click to expand...
Did you fix it?

Exactly the same issue
Files in /.well-known/ works

But
Files in /.well-known/pki-validation
404 Not Found
nginx


elseone_arvind said:
@Jose Isla ,

It may look foolish but,
would you please try to create the same verification file under/var/www/vhosts/default/htdocs/.well-known/pki-validation/youfile.txt and try to verify it once again?

Note: If the folder does not exist /var/www/vhosts/default/htdocs/.well-known/pki-validation please crete it

root cause: use-common-challenge-dir
Click to expand...

Tried it but it didn't work.
 
In my case it happened after i enabled extension sectigo.
Disable extension sectigo or remove sectigo config in special domain 's nginx conf. Restart nginx with "service nginx restart" command.

Ex: /etc/nginx/plesk.conf.d/vhosts/yourdomain.conf
#extension sectigo begin
location ^~ /.well-known/pki-validation/fileauth.txt {
try_files $uri $uri/ =404;
}

location ^~ /.well-known/pki-validation/ {
root /var/www/vhosts/default/htdocs;

types { }
default_type text/plain;

satisfy any;
auth_basic off;
allow all;

location ~ ^/\.well-known/pki-validation.*/\. {
deny all;
}
}
#extension sectigo end
 
Hi,

This is usually an issue with the Sectigo SSL exension. Sectigo SSL extension is blocking any web request to get to files under /.well-known/pki-validation.

To solve that, login to Plesk, go to the Extensions tab, select My Extensions and disable Sectigo SSL extension.

Disabling the extension doesn't recreate the server configuration file, in which the problematic lines are stored. So you will need te recreate the webserver configuration for the concerned domain(s). To do so, login to your Plesk server using SSH and run the following command (make sure to login with an account that allow you to use the Plesk CLI) :

plesk repair web -server example.com
Click to expand...
where example.com is the domain name with the validation issue.

Files under /.well-known/pki-validation should now be accessible.
 
jmcouillard said:
Hi,

This is usually an issue with the Sectigo SSL exension. Sectigo SSL extension is blocking any web request to get to files under /.well-known/pki-validation.

To solve that, login to Plesk, go to the Extensions tab, select My Extensions and disable Sectigo SSL extension.

Disabling the extension doesn't recreate the server configuration file, in which the problematic lines are stored. So you will need te recreate the webserver configuration for the concerned domain(s). To do so, login to your Plesk server using SSH and run the following command (make sure to login with an account that allow you to use the Plesk CLI) :


where example.com is the domain name with the validation issue.

Files under /.well-known/pki-validation should now be accessible.
Click to expand...
Hi - thank you very much. This worked for me.
 
I don't know if anyone from Plesk ever reads these forums but I would just say - did you test this? did you know about this? was it deliberate? i can't speak for others but this issue cost me 2 hours. Using this folder seems pretty standard. yet it is blocked out of the box in a mysterious way. Today I had one of those surveys pop up - would you recommend Plesk? No. How could I?

The answer seems to be the one provided by jmcouillard above
 
hello everyone.

there are possible workarounds below:
  • Disable common challenge dir

    plesk ext sslit --common-challenge-dir -disable

  • Use explicit additional Nginx directive in Apache & nginx Settings of the domain, something like

    location = /.well-known/pki-validation/ {
    alias /var/www/vhosts/<your_domainSpaceDir_here>/httpdocs/.well-known/pki-validation/;
    }
 
You must log in or register to reply here.

Similar threads

S
Issue Files And Folders In httpdocs Not Found
Replies
2
Views
174
Sebahat.hadzhi
Sebahat.hadzhi
Daerik
Issue Error Upgrading Plesk Obsidian 18.0.63 to 18.0.64: HTTPS Error 404 - Not Found (MaxScale Repo)
Replies
6
Views
694
Daerik
Daerik
J.Wick
Let's Encrypt Directives Left Over in NGINX.conf when moving to other SSL options.
Replies
6
Views
2K
scsa20
scsa20
S
Resolved How to Redirect /usage folder from 403 to 404 http code
Replies
2
Views
2K
siska8080
S
K
Issue Nextcloud Your web server is not properly set up to resolve
Replies
1
Views
976
UnixDrive
U
Back
Top