Knowledge Base

Unable to install a Let’s Encrypt certificate: User account ID doesn’t match account ID in authorization

Symptoms

Unable to install a Let's Encrypt SSL certificate at Plesk > Domains > example.com > SSL/TLS Certificates. The following error is shown:

Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
...
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: User account ID doesn't match account ID in authorization

PLESK_ERROR:Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/finalize/69623824/3410853285.
Details:
Type: urn:ietf:params:acme:error:orderNotReady
Status: 403
Detail: Order's status ("pending") is not acceptable for finalization

Cause

An external Feature Request #EXTLETSENC-733 was created to fix it, which will be implemented in future product updates.

Resolution

1. Log into Plesk

2. Try installing the Let's Encrypt SSL certificate again after some minutes at Domains > example.com > SSL/TLS Certificates.

In case the issue persists, perform the following workaround:

For Linux Server

Connect to the server via SSH;
Search for a json file that contains the email which is used for issuing the SSL certificate.

# grep -r "[email protected]" /usr/local/psa/var/modules/sslit/registrations
/usr/local/psa/var/modules/sslit/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json "contact":["mailto:[email protected]"],"agreement":null,"authorizations":[],"certificates":[]}

Search for file under /usr/local/psa/var/modules/sslit/orders using the domain name:
# grep -r "example.com" /usr/local/psa/var/modules/sslit/orders
/usr/local/psa/var/modules/sslit/oders/73e9346c3fc065d13305183342f962c17b0bed5c.json

Remove the json files found in steps 2 and 3;
# rm -f /usr/local/psa/var/modules/sslit/orders/73e9346c3fc065d13305183342f962c17b0bed5c.json /usr/local/psa/var/modules/sslit/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json

Log into Plesk;
Reissue the Let's Encrypt SSL certificate at Domains > example.com > SSL/TLS Certificates.

For Windows Server

Connect to the server via RDP;
Go to the %plesk_dir%varmodulessslitregistrations folder:

Search for a json file that contains the email which is used for issuing a certificate. For example:
"contact":["mailto:[email protected]"],"agreement":null,"authorizations":[],"certificates":[]}

Find and remove the json file related to example.com from %plesk_dir%varmodulessslitorders

Log into Plesk
Reissue the Let's Encrypt SSL certificate at Domains > example.com > SSL/TLS Certificates.

Additional Information

Unable to install a Let's Encrypt certificate: Order's status ("pending") is not acceptable for finalization

Knowledge Base

Unable to install a Let’s Encrypt certificate: User account ID doesn’t match account ID in authorization

Symptoms

Cause

Resolution

For Linux Server

For Windows Server

Additional Information

How to Host a Go App on Plesk

Exploring Plesk’s Added Value Solutions So Far in 2023

Unveiling Sitejet Builder: The Perfect Match for Your Effortless Website Creation Needs

How to allow HTTPS and configure SSL certificate on domain in Plesk which has Hosting Type set as Forwarding?

Attempt to issue a Let’s Encrypt SSL certificate for a Plesk domain fails: Could not obtain directory: cURL error 77

Cannot issue Let’s Encrypt certificate in Plesk: Error creating new authz :: Policy forbids issuing for name

An operation fails in Plesk: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry ‘X’ for key ‘PRIMARY’