• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Renew Let's encrypt cert failed after added inbound rule for aws ec2

P

peteeeeeee

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian Version 18.0.52
I am hosting Plesk in aws ec2, recently added some security group inbound rules, and let's encrypt seems cannot renew. As it is an internal site, so 80/443 port is not accessible to the public. May I know what should I do to renew the Let's Encrypt cert? What IP/ port should I configure in inbound rules?

I found the below error:
JSON: 
{
    "identifier": {
        "type": "dns",
        "value": "xxx.xxx.com"
    },
    "status": "invalid",
    "expires": "2023-06-14T03:42:33Z",
    "challenges": [
        {
            "type": "http-01",
            "status": "invalid",
            "error": {
                "type": "urn:ietf:params:acme:error:connection",
                "detail": "x.x.x.x: Fetching http://xxx.xxx.com/.well-known/acme-challenge/VFeX-xeaPhH-6BZA...: Timeout during connect (likely firewall problem)",
                "status": 400
            },
            "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/234622951847/g1GmzQ",
            "token": "VFeX-xeaPhH-6BZA...",
            "validationRecord": [
                {
                    "url": "http://xxx.xxx.com/.well-known/acme-challenge/VFeX-xeaPhH-6BZA...",
                    "hostname": "xxx.xxx.com",
                    "port": "80",
                    "addressesResolved": [
                        "x.x.x.x"
                    ],
                    "addressUsed": "x.x.x.x"
                }
            ],
            "validated": "2023-06-07T03:42:34Z"
        }
    ]
}
 
I am not perfectly sure, but think that the only workaround in such a case is to use a Wildcard certificate instead, because only for Wildcard certs Plesk supports DNS-01 challenge. For other certificates it only supports SAN-01 which requires port 80 to be open and the web server to respond on it. We have a feature request for DNS-01 challenge support that you can vote for if you believe that it is an important feature that needs to be added: Issue Let's Encrypt Wildcard (and others) certificate without main domain in SAN (use DNS-01 challenge only)
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
3K
Daiv
D
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
6K
Peter Debik
P
P
Resolved Could not issue/renew Let`s Encrypt certificates for admin
Replies
7
Views
4K
hello_world.c
H
H
Resolved Wildcard SSL Certificate Auto Renewals not Working for Let's Encrypt with External DNS
Replies
6
Views
7K
NickSick
N
Back
Top