• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Renew Let's encrypt cert failed after added inbound rule for aws ec2

P

peteeeeeee

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian Version 18.0.52
I am hosting Plesk in aws ec2, recently added some security group inbound rules, and let's encrypt seems cannot renew. As it is an internal site, so 80/443 port is not accessible to the public. May I know what should I do to renew the Let's Encrypt cert? What IP/ port should I configure in inbound rules?

I found the below error:
JSON: 
{
    "identifier": {
        "type": "dns",
        "value": "xxx.xxx.com"
    },
    "status": "invalid",
    "expires": "2023-06-14T03:42:33Z",
    "challenges": [
        {
            "type": "http-01",
            "status": "invalid",
            "error": {
                "type": "urn:ietf:params:acme:error:connection",
                "detail": "x.x.x.x: Fetching http://xxx.xxx.com/.well-known/acme-challenge/VFeX-xeaPhH-6BZA...: Timeout during connect (likely firewall problem)",
                "status": 400
            },
            "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/234622951847/g1GmzQ",
            "token": "VFeX-xeaPhH-6BZA...",
            "validationRecord": [
                {
                    "url": "http://xxx.xxx.com/.well-known/acme-challenge/VFeX-xeaPhH-6BZA...",
                    "hostname": "xxx.xxx.com",
                    "port": "80",
                    "addressesResolved": [
                        "x.x.x.x"
                    ],
                    "addressUsed": "x.x.x.x"
                }
            ],
            "validated": "2023-06-07T03:42:34Z"
        }
    ]
}
 
I am not perfectly sure, but think that the only workaround in such a case is to use a Wildcard certificate instead, because only for Wildcard certs Plesk supports DNS-01 challenge. For other certificates it only supports SAN-01 which requires port 80 to be open and the web server to respond on it. We have a feature request for DNS-01 challenge support that you can vote for if you believe that it is an important feature that needs to be added: Issue Let's Encrypt Wildcard (and others) certificate without main domain in SAN (use DNS-01 challenge only)
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
1K
Leta
L
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
2K
Daiv
D
Nextgen-Networks
Issue Lets Encrypt - error in certificate renew process
2
Replies
21
Views
5K
Peter Debik
P
P
Resolved Could not issue/renew Let`s Encrypt certificates for admin
Replies
7
Views
3K
hello_world.c
H
H
Resolved Wildcard SSL Certificate Auto Renewals not Working for Let's Encrypt with External DNS
Replies
6
Views
7K
NickSick
N
Back
Top