Symptoms
Unable to install a Let’s Encrypt SSL certificate at Plesk >Â Domains > example.com > Let’s Encrypt. The following error is shown:
PLESK_ERROR: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com.
…
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: User account ID doesn’t match account ID in authorization
PLESK_ERROR:Could not issue a Let’s Encrypt SSL/TLS certificate for example.com.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/finalize/69623824/3410853285.
Details:
Type: urn:ietf:params:acme:error:orderNotReady
Status: 403
Detail: Order’s status (“pending”) is not acceptable for finalization
Cause
An Internal Feature Request #EXTLETSENC-733 was created to fix it, which will be implemented in future product updates.
Resolution
1. Log into Plesk
2. Try installing the Let’s Encrypt SSL certificate again after some minutes at Domains > example.com > Let’s Encrypt.
In case the issue persists, perform the following workaround:
For Linux Server
-
Connect to the server via SSH;
-
Search for a json file that contains the email which is used for issuing the SSL certificate.
# grep -r “[email protected]” /usr/local/psa/var/modules/letsencrypt/registrations
/usr/local/psa/var/modules/letsencrypt/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json “contact”:[“mailto:[email protected]”],”agreement”:null,”authorizations”:[],”certificates”:[]}
- Search for file under
/usr/local/psa/var/modules/letsencrypt/orders
using the domain name:# grep -r “example.com” /usr/local/psa/var/modules/letsencrypt/orders
/usr/local/psa/var/modules/letsencrypt/oders/73e9346c3fc065d13305183342f962c17b0bed5c.json
- Remove the json files found in steps 2 and 3;
# rm -f /usr/local/psa/var/modules/letsencrypt/orders/73e9346c3fc065d13305183342f962c17b0bed5c.json /usr/local/psa/var/modules/letsencrypt/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json
- Log into Plesk;
- Reissue the Let’s Encrypt SSL certificate at Domains > example.com > Let’s Encrypt.
For Windows Server
-
Connect to the server via RDP;
-
Go to the
%plesk_dir%varmodulesletsencryptregistrations
folder:
- Search for a json file that contains the email which is used for issuing a certificate. For example:
"contact":["mailto:[email protected]"],"agreement":null,"authorizations":[],"certificates":[]}
- Find and remove the json file related to example.com from Â
%plesk_dir%varmodulesletsencryptorders
- Log into Plesk
- Reissue the Let’s Encrypt SSL certificate at Domains > example.com > Let’s Encrypt.