Issue Plesk & Let's Encrypt problem

[kriszkrisz]

Hello!

I use Plesk 12.5.30 , and I installed the let's Encrypt 2.0.2 extension from the "Server Management/Extension" menu. After, I tried to install SSLCert for one subdomain and the alternative "www." version too.

When I tried to install the cert from the "Server Management/Extension/Let's Encrypt" section, I get this message:

Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Invalid response from http://sub.main.eu/.well-known/acme-challenge/xAq1z4SbeQScut0JMv3CPGygmTNkIo_Y9_Ui3vaZ5cI: "<!DOCTYPE html>
<html lang="hu">
<head>
<meta charset="utf-8" />
<title>V.I.P. Angol - Ingyenes Angol Tanulás Neked és Gyerm"

When I tried to install the cert from the "Hosting Service/Domains" section ( I clicked on our subdomain, and after the "let's encrypt" icon and the install button), I get this message:

Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Invalid response from http://sub.main.eu/.well-known/acme-challenge/PFlNvyYui68YnWxmGmxxxd_Y9FOJ-LPrLJr-3piZ1Os: "<!DOCTYPE html>
<html lang="hu">
<head>
<meta charset="utf-8" />
<title>V.I.P. Angol - Ingyenes Angol Tanulás Neked és Gyerm"

I tried these methods as admin. I tried to login Plesk as a Customer. I clicked "Websites and Domains" section, and I clicked the "let's encrypt" icon at our subdomains. I get the same error:

"Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Invalid response from http://sub.main.eu/.well-known/acme-challenge/26ucCf2kVN3XOYLu95g7KYM8i-z-UWTGGrzfynx2lPM: "<!DOCTYPE html>
<html lang="hu">
<head>
<meta charset="utf-8" />
<title>V.I.P. Angol - Ingyenes Angol Tanulás Neked és Gyerm""

Do you know, what will the solution for this problem?
I tried some trick (make .well-known folders, etc), but i cannot solve the problem

 

[nilsringersma_nl]

Did you recently change the DNS for your domain name?

 

[UFHH01]

Hi kriszkrisz,

since the Plesk Let's Encrypt Extension v2.0.3

Changes
2.0.3 (13 April 2017)

• The extension now logs its communication with the Let's Encrypt servers in the "panel.log". This enables better troubleshooting when there are some issues with requesting a certificate.

Pls. update/upgrade your extensions and afterwards, pls. repeat your steps and investigate possible issues/errors/problems in your "panel.log".

 

[Peter Downes]

Hello

Having an issue renewing a Let's Encrypt Cert.
Where would I find the panel.log?

I think I need to have a look in it.
Thanks for your help.

 

[UFHH01]

Hi Peter Downes,

pls. notice, that Plesk provides an up-to-date KB - article, where you can find configuration files and log - files, related to Plesk components:

=> Plesk for Linux services logs and configuration files ( KB - article: 213403509 )​

 

[durian808]

I was having the same problem just now and it appears related to Nginx.

This was helpful:
Resolved - Install the certificate let's encrypt

Specifically, add this to Nginx directives at HOME > Subscription > YOUR-DOMAIN.COM > Apache & nginx Settings:

location ~ /.well-known {
  allow all;
}

This was also helpful:
How long I got block from invalid authorization?

... if you get "Error creating new authz :: Too many invalid authorizations recently." You need to wait at least 1 hr. before trying again.

******

MY SOLUTION turned out to be that I was attempting to create the certificate prior to changing the name servers on my domain – in other words, the domain was still hosted elsewhere. My tech support guy commented...

It's making a file and then that file has to be able to be called via a curl request, so its failing."

So, make sure your DNS is fully propagated before attempting to create certificates.

 

[Prod Juan]

(snip)

This was also helpful:
How long I got block from invalid authorization?

... if you get "Error creating new authz :: Too many invalid authorizations recently." You need to wait at least 1 hr. before trying again.

******

MY SOLUTION turned out to be that I was attempting to create the certificate prior to changing the name servers on my domain – in other words, the domain was still hosted elsewhere. My tech support guy commented...


So, make sure your DNS is fully propagated before attempting to create certificates.

Here's a tool site that can help you determine how far out the DNS propagation has reached:
www.whatsmydns.net

 

[durian808]

TO: the moderator of this forum...

FYI, the notification email for Juan's comment went to the Spam folder on my Gmail account.

Here's some info that can help you solve that problem:

Subject: Issue - Plesk & Let's Encrypt problem - New reply to watched thread
SPF: NEUTRAL with IP 195.214.233.99
DMARC: FAIL

SPF should be PASS.
DMARC should be PASS.
DKIM was not used by the sending mail server, but should be.

I hope this helps.

 

[IgorG]

TO: the moderator of this forum...

FYI, the notification email for Juan's comment went to the Spam folder on my Gmail account.

Here's some info that can help you solve that problem:

Subject: Issue - Plesk & Let's Encrypt problem - New reply to watched thread
SPF: NEUTRAL with IP 195.214.233.99
DMARC: FAIL

SPF should be PASS.
DMARC should be PASS.
DKIM was not used by the sending mail server, but should be.

I hope this helps.

We changed IP of forum with correct PTR record. Now all should work correctly.