
Issue .well-known/acme-challenge 403 forbidden

assist bss

New Pleskian
Environment: Plesk Onyx 17.8.11 Update #54
OS: Debian 8.11 64bit

In order to exclude a problem with letsencrypt, I just created .well-known/acme-challenge/index.html.
If I try to access it from a browser I get 403 forbidden.

The problem is not related to permissions or an nginx directive; indeed, if I just rename acme-challenge to anything else I can reach index.html from the browser. To be clearer:

mydomain.com/.well-known/acme2-challenge works
mydomain.com/.well-known/acme-challenge doesn't

I can access everything inside .well-known except the acme-challenge folder.

Nginx directives related to .well-known/acme-challenge are just ignored.

Here is my nginx directives configuration:

location ~ /.well-known {
allow all;
}

Also tried


location ~ /.well-known/acme-challenge {
allow all;
}
 
"In order to exclude a problem with letsencrypt, I just created .well-known/acme-challenge/index.html."

What is the issue with Letsencrypt? Why do you have to create these files/folder manually?

 
Before installation I emptied httpdocs, then I manually recreated .well-known/acme-challenge from the Plesk file manager.

The problem with letsencrypt is a 403 when trying to access .well-known/acme-challenge/{challenge} during the challenge, but in other Plesk installations I just need this location directive:

location ~ /.well-known {
allow all;
}

But in this case it is not enough.

Actually, access to acme-challenge is forbidden from the browser, while the same folder renamed (same permissions, same location, same owner, same group) becomes accessible. To try this I just created an index.html file under .well-known/acme2-challenge (originally it was .well-known/acme-challenge) and I can reach it without any problem.

Using letsencrypt integrated with Plesk works, but I need to use a custom script that updates the certificate, associates it with a subscription on Plesk and updates the JBoss keystore. I use the same script on at least 5 VPS with Plesk 17 and 10 VPS with Plesk 12, for a total of 40 virtual hosts.
The only strange behaviour I noticed on this specific VPS is the forbidden access to the acme-challenge folder.
 
I've no deny directives to remove. Here is my configuration:

NEVCaD9.png
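
The symptom reported in this thread (a `location ~ /.well-known` block that takes effect for acme2-challenge but not for acme-challenge) is what nginx's location selection order produces when a `^~` prefix location for the challenge path exists elsewhere in the configuration. The following is an added example, not code from the thread or from Plesk: a small Python model of that selection order, in which the `^~` block and all labels are hypothetical and constructed for illustration.

```python
import re

# Constructed config, NOT taken from the thread. The "^~" entry is a
# hypothetical block assumed to exist elsewhere in the generated vhost
# config; the "~" entry is the directive quoted in the thread.
SAMPLE_LOCATIONS = [
    ("^~", "/.well-known/acme-challenge/", "hypothetical-panel-block"),
    ("~", "/.well-known", "custom-allow-all"),
    ("", "/", "default-root"),
]


def select_location(uri, locations):
    """Return the label of the location nginx would pick for `uri`.

    Order: exact "=" match first, then the longest matching prefix; if
    that prefix carries "^~" the regexes are skipped, otherwise regexes
    run in file order and the first hit wins, with the longest prefix
    as the fallback.
    """
    best = None  # (pattern length, modifier, label) of the longest prefix
    for mod, pattern, label in locations:
        if mod == "=" and uri == pattern:
            return label
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > best[0]:
                best = (len(pattern), mod, label)
    if best and best[1] == "^~":
        return best[2]
    for mod, pattern, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):  # nginx regexes are unanchored
                return label
    return best[2] if best else None


def explain(uris, locations=SAMPLE_LOCATIONS):
    """Map each URI to the label of the block that would handle it."""
    return {uri: select_location(uri, locations) for uri in uris}


if __name__ == "__main__":
    for uri, label in explain([
        "/.well-known/acme-challenge/index.html",
        "/.well-known/acme2-challenge/index.html",
    ]).items():
        print(f"{uri} -> {label}")
```

On a real server, `nginx -T` prints the full effective configuration, which shows whether any other location covering the challenge path is actually present.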
 