• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue .well-known/acme-challenge 403 forbidden

A

assist bss

New Pleskian
Environment: Plesk Onyx 17.8.11 Update #54
OS: Debian 8.11 64bit

In order to exclude problem with letsencrypt, I just created .well-known/acme-challenge/index.html.
If I try to access from browser I get 403 forbidden

The problem is not related to permission or nginx directive, indeed if I just rename acme-challenge to anything else I can reach index.html from browser. To be clearer:

mydomain.com/.well-known/acme2-challenge works
mydomain.com/.well-known/acme-challenge doesn't

I can just access to everything inside .well-known except acme-challenge folder.

Nginx directives related to .well-known/acme-challenge is just ignored

Here is my nginx directives configuration:

location ~ /.well-known {
allow all;
}

Also tried


location ~ /.well-known/acme-challenge {
allow all;
}
 
"In order to exclude problem with letsencrypt, I just created .well-known/acme-challenge/index.html."

What is the issue with Letsencrypt? Why do you have to create these files/folder manually?

 
Before installation I emptied httpdocs, then I recreated manually .well-known/acme-challenge from plesk filemanager.

The problem with letsencrypt is 403 trying access to .well-known/acme-challenge/{challenge} during challenge, but in other plesk installations I just need this location directive:

location ~ /.well-known {
allow all;
}

But in this case is not enough.

Actually, access to acme-challenge is forbidden from browser, the same folder renamed (same permissions, same location, same owner, same group) become accessible. To try this I just created an index.html file under .well-known/acme2-challenge (originally was .well-kwnown/acme-challenge) and I can reach it without any problem.

Using letsencrypt integrated with plesk works, but I need to use a custom script that update certificate, associate it to a subscription on plesk and update jboss keystore. I use the same script on at least 5 vps with plesk 17 and 10 vps with plesk 12 for an amount of 40 virtual hosts.
The only strange behaviour I noticed on this specific vps is the forbidden access to acme-challenge folder.
 
Last edited:
I've no deny directives to remove. Here is my configuration:

NEVCaD9.png
 
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
349
Leta
L
J.Wick
Let's Encrypt Directives Left Over in NGINX.conf when moving to other SSL options.
Replies
6
Views
2K
scsa20
scsa20
S
Question acme-challenge folder is not accessible
Replies
2
Views
5K
serg499
S
bsssrl
Resolved acme.sh Invalid response from .well-known/acme-challenge
Replies
1
Views
5K
bsssrl
bsssrl
P
Resolved "502 Bad Gateway" with nginx reverse proxy for openhab cloud
Replies
10
Views
4K
Maarten
M
Back
Top