Troubleshooting failed Let’s Encrypt certificate installations for a domain in Plesk

Dmitry Bystrov

10 months ago

Symptoms

The article provides general troubleshooting steps for errors that may be shown during a Let's Encrypt certificate installation using the Let's Encrypt Plesk extension.

Troubleshooting Steps

Notes: This guide is intended for Plesk Onyx 17.5 and later versions.

If you are a domain owner, please contact your service provider for assistance with a Let's Encrypt certificate installation.

1. Checking domain's DNS settings

Make sure that the website resolves globally from the Internet to the same IPv4 (and IPv6, if configured on a domain registrar side) address that is set in Plesk at Domains > example.com > Web Hosting Access.

To find the global website's IP address:

use any online tool (for example, MxToolbox DNS Lookup for IPv4 and MxToolbox DNS Lookup IPv6 for IPv6
use Google DNS and the 'nslookup' utility in a command prompt of your PC/Mac:

nslookup <domain_name> dns.google

If the IP addresses in Plesk differs from the global IP address on the Internet, apply one of the following solutions:

change the IP address, to which the domain resolves globally, at Domains > example.com > Web Hosting Access.

Note: If the domain is not using IPv6, make sure that IPv6 address is set to None and there are no IPv6 DNS records at Domains > example.com > DNS Settings. If such IPv6 records exist, remove them.
change the IP address on a domain registrar side to the one that is specified in Plesk.

2. Checking the website availability

Once you have verified that the IP addresses match:

2.1. Website availability

Make sure that the website is accessible and browsable from the Internet (no 4xx and 5xx errors). If the website is showing a default Plesk page, create a test.txt file at Domains > example.com > File Manager and put some text into it. Then open this file in a web-browser at example.com/test.txt and make sure it is accessible from the Internet. If the file is not accessible, check website's configuration.

2.2. Additional steps for Plesk on Windows Server (if Plesk is installed on Linux, move to step 3)

2.2.1. Go to Domains > example.com > IIS Settings and disable the option Require SSL/TLS.

2.2.2. Go to Domains > example.com > File Manager and:

disable custom rewrite rules in web.config, if there are any.
disable Microsoft ASP support and Microsoft ASP.NET support at Domains > example.com > Hosting Settings.
create a test.txt file in the .well-knownacme-challenge folder (where Let's Encrypt stores its temporary files) and put some text into it. Then open this file in a web-browser at http://example.com/.well-known/acme-challenge/test.txt and make sure it is accessible from the Internet over HTTP without www prefix. If the file is not accessible, check website's configuration.

2.2.3 If SSL cannot be issued for the hostname, make sure the Default Web Site is started in IIS.

3. Disabling compatibility mode (for domains migrated from legacy Plesk versions)

If the domain has been migrated from legacy Plesk versions, make…

0 Shares