• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

SSL certificate renewal is failing for an add-on domain, slash missing from "/.well-known"

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
TITLE:
SSL certificate renewal is failing for an add-on domain, slash missing from "/.well-known"
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx 17.0, latest MU, latest extension version 2.03, CentOS 7.3, 64-Bit
PROBLEM DESCRIPTION:
SSL certificate renewal is failing for an add-on domain with this message:

[2017-04-28 15:30:06] ERR [extension/letsencrypt] Cannot renew certificate on domain DOMAIN-1.TLD with error: Challenge marked as invalid. Details: Could not connect to www.DOMAIN-2.TLD.well-known

Discussion here:
Issue - Let's Encrypt unclear renewal failure
[Edit 2017-04-30: RESOLVED, different issue, redirect problem]

and here:
Cannot renew certifcate because of wrong url · Issue #153 · plesk/letsencrypt-plesk · GitHub
[not yet resolved]

Some users report this for subdomains, we are seeing it for a regular add-on domain to a subscription.​
STEPS TO REPRODUCE:
Unclear, probably simply create an add-on domain to a subscription, create a certificate for it, then let the renewal script try to renew the cert. There is slight chance that the issue is linked to the fact that the domain we see it on is a Wordpress website in "maintenance"-mode, so maybe there is rewrite rule that interferes? However, the /.well-known slash is missing as other users report it, too.
[Edit 2017-04-30: Resolved for the add-on domain case as described here, other case reported in GitHub not tested/verified by us.]​
ACTUAL RESULT:
Error message as shown above.​
EXPECTED RESULT:
Certificate renewel or nothing if it is not up for renewal.​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Last edited:
GitHub documented case seems to be resolved now, too. User is reporting that it was caused by a permanent redirect to the https:// version of the URL.
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
372
Leta
L
Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2 3
Replies
48
Views
10K
gsk
gsk
Bitpalast
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk
Replies
11
Views
1K
Change Maker
C
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
2K
Daiv
D
H
Resolved Wildcard SSL Certificate Auto Renewals not Working for Let's Encrypt with External DNS
Replies
6
Views
6K
NickSick
N
Back
Top