
Issue: Problems Issuing a Let's Encrypt Certificate

Robin McDermott

Basic Pleskian
Server operating system version: AlmaLinux 9.5
Plesk version and microupdate number: Plesk Obsidian 18.0.66 Update #2
When I try to issue a Let's Encrypt Certificate, I get the following:

Could not issue an SSL/TLS certificate for mydomain.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for mydomain.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2209120705/470928486175.
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: 207.21.xxx.xx: Fetching http://mydomain.com/.well-known/acme-challenge/SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU: Timeout during connect (likely firewall problem)

I do have a hardware firewall...but didn't have this problem with my previous server which was behind the same hardware firewall.
 
Can you open the URL manually?
Are both the IPv4 (A record) and IPv6 (AAAA record) reachable? Both in and out traffic.
 
Do you allow http:// via the hardware firewall? Let's Encrypt will try to access the challenge URL via HTTP.
 
Can you open the URL manually?
Are both the IPv4 (A record) and IPv6 (AAAA record) reachable? Both in and out traffic.
Do you mean this one? http://mydomain.com/.well-known/acme-challenge/SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU:

When I try to open it with my domain in the URL, I get:

SDVleuJRLDYtRanIfyX4fPZOifKWaxYnHXKb1v_huuU.N9e1xU5mklpy6psQYrgc3xKppNA7Ti9jjodp94Kyfhs

I do not have an IPv6 record for the domain. When I do a DNS check on the IP address it can't find it, but when I search for the A record using the domain name, I can see it is pointing to the proper domain. I realize this might not answer your question...I might not know how to do what you are asking about.
 
Try to access the challenge URL from a different IP address than your usual IP. Your IP address might be whitelisted in the hardware firewall.
 
Try to access the challenge URL from a different IP address than your usual IP. Your IP address might be whitelisted in the hardware firewall.
Hmmmm, good guess Raul! I think that is, in fact, the issue. Will talk with my host, Aptum, and ask them if that is the issue and to open up the port. Will report back.
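
The check suggested in this thread, as an added example (not part of the original posts, and not Plesk or Let's Encrypt code): run from a host that is not on the firewall's allowlist, it fetches the HTTP-01 challenge file over port 80 from every A and AAAA address the domain resolves to. The function names `resolve`, `probe` and `check` are assumptions of this example, and redirects are reported as-is rather than followed.

```python
import socket
import sys

def resolve(host, port=80):
    """Every address the name resolves to (A and AAAA); the CA may use any of them."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({(int(fam), sa[0]) for fam, _, _, _, sa in infos})

def probe(family, addr, host, token, port=80, timeout=5.0):
    """Fetch the HTTP-01 challenge file from one address. Returns (ok, detail)."""
    path = f"/.well-known/acme-challenge/{token}"
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            s.sendall(request)
            raw = b""
            while chunk := s.recv(4096):
                raw += chunk
    except socket.timeout:
        # Same symptom as the ACME "Timeout during connect" error in the thread
        return False, "timeout (port 80 filtered by a firewall?)"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split()
    status = parts[1].decode() if len(parts) > 1 else "?"
    # A valid response body is the key authorization: "<token>.<thumbprint>"
    text = body.decode(errors="replace").strip()
    return status == "200" and text.startswith(token + "."), f"HTTP {status}"

def check(host, token, port=80, timeout=5.0):
    """Probe every resolved address; one unreachable address can fail validation."""
    return {addr: probe(fam, addr, host, token, port, timeout)
            for fam, addr in resolve(host, port)}

if __name__ == "__main__":
    # Usage: python3 acme_probe.py <domain> <challenge-token>
    results = check(sys.argv[1], sys.argv[2])
    for addr, (ok, detail) in results.items():
        print(f"{addr:40} {'OK' if ok else 'FAIL':5} {detail}")
    sys.exit(0 if results and all(ok for ok, _ in results.values()) else 1)
```

A pass from an allowlisted address says nothing about what the CA sees, so the result only counts when the script runs from an outside network.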
 