
Issue Problems Issuing a Let's Encrypt Certificate

Robin McDermott

Basic Pleskian
Server operating system version
AlmaLinux 9.5
Plesk version and microupdate number
Plesk Obsidian 18.0.66 Update #2
When I try to issue a Let's Encrypt Certificate, I get the following:

Could not issue an SSL/TLS certificate for mydomain.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for mydomain.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2209120705/470928486175.
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: 207.21.xxx.xx: Fetching http://mydomain.com/.well-known/acme-challenge/SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU: Timeout during connect (likely firewall problem)

I do have a hardware firewall...but didn't have this problem with my previous server which was behind the same hardware firewall.
 
Can you open the URL manually?
Are both the IPv4 (A record) and IPv6 (AAAA record) reachable? Both in and out traffic.
 
Do you allow http:// via the hardware firewall? Let's Encrypt will try to access the challenge URL via HTTP.
 
Can you open the URL manually?
Are both the IPv4 (A record) and IPv6 (AAAA record) reachable? Both in and out traffic.
Do you mean this one? http://mydomain.com/.well-known/acme-challenge/SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU:

When I try to open it with my domain in the URL, I get:

SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU.N9e1xU5mklpy6psQYrgc3xKppNA7Ti9jjodp94Kyfhs

I do not have an IPv6 record for the domain. When I do a DNS check on the IP address it can't find it, but when I search for the A record using the domain name, I can see it is pointing to the proper domain. I realize this might not answer your question...I might not know how to do what you are asking about.
 
Try to access the challenge URL from a different IP address than your usual IP. Your IP address might be whitelisted in the hardware firewall.
 
Try to access the challenge URL from a different IP address than your usual IP. Your IP address might be whitelisted in the hardware firewall.
Hmmmm, good guess Raul! I think that is, in fact, the issue. Will talk with my host, Aptum, and ask them if that is the issue and to open up the port. Will report back.
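
The triage the thread walks through, as an added example that is not part of the original posts or of Plesk: it parses the ACME error quoted above, checks that the body fetched from the poster's own network is a well-formed HTTP-01 key authorization for the same token (RFC 8555 §8.1/§8.3), and combines the two. The function names and verdict strings are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Sample input copied from the error text quoted in the first post.
ERROR_TEXT = """Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: 207.21.xxx.xx: Fetching http://mydomain.com/.well-known/acme-challenge/SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU: Timeout during connect (likely firewall problem)"""
# Body the poster received when opening the challenge URL from their own IP.
LOCAL_BODY = ("SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU"
              ".N9e1xU5mklpy6psQYrgc3xKppNA7Ti9jjodp94Kyfhs")

B64URL = r"[A-Za-z0-9_-]"

def parse_error(text):
    """Split the Type/Status/Detail lines and pull out the challenge URL parts."""
    fields = dict(re.findall(r"^(Type|Status|Detail):\s*(.*)$", text, re.M))
    url = re.search(r"Fetching (https?://\S+?):\s", fields["Detail"]).group(1)
    parts = urlsplit(url)
    return {
        "type": fields["Type"].rsplit(":", 1)[-1],   # e.g. "connection"
        "status": int(fields["Status"]),
        "scheme": parts.scheme,                      # "http" means TCP port 80
        "host": parts.hostname,
        "token": parts.path.rsplit("/", 1)[-1],
    }

def body_matches_token(body, token):
    """Body must be '<token>.<thumbprint>'; a SHA-256 JWK thumbprint in
    unpadded base64url is always 43 characters long."""
    m = re.fullmatch(rf"({B64URL}+)\.({B64URL}{{43}})", body.strip())
    return bool(m) and m.group(1) == token

def triage(error_text, local_body):
    err = parse_error(error_text)
    served_ok = body_matches_token(local_body, err["token"])
    if err["type"] == "connection" and served_ok:
        # Web server answers correctly for an allowed source, but the CA's
        # validators cannot connect: filtering on the inbound path.
        return "path-filtered"
    if err["type"] == "connection":
        return "unreachable"        # not confirmed reachable from anywhere
    if err["type"] == "unauthorized":
        return "wrong-content"      # CA connected but got an unexpected body
    return "other"

if __name__ == "__main__":
    print(parse_error(ERROR_TEXT)["host"], triage(ERROR_TEXT, LOCAL_BODY))
```

A "path-filtered" verdict matches the conclusion reached in the thread: the challenge file is served correctly, so the remaining check is whether port 80 is open to sources other than the allow-listed ones.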
 