Knowledge Base

Unable to install a Let’s Encrypt certificate: User account ID doesn’t match account ID in authorization

 
applications extensionsplesk for linuxplesk for windowstechnical questionsdomain name

Symptoms

Unable to install a Let's Encrypt SSL certificate at Plesk > Domains > example.com > SSL/TLS Certificates. The following error is shown:

Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
...
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: User account ID doesn't match account ID in authorization

PLESK_ERROR:Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/finalize/69623824/3410853285.
Details:
Type: urn:ietf:params:acme:error:orderNotReady
Status: 403
Detail: Order's status ("pending") is not acceptable for finalization

Cause

An external Feature Request #EXTLETSENC-733 was created to fix it, which will be implemented in future product updates.

Resolution

1. Log into Plesk

2. Try installing the Let's Encrypt SSL certificate again after some minutes at Domains > example.com > SSL/TLS Certificates.

In case the issue persists, perform the following workaround:

For Linux Server

  1. Connect to the server via SSH;

  2. Search for a json file that contains the email which is used for issuing the SSL certificate.

    # grep -r "john[email protected]" /usr/local/psa/var/modules/sslit/registrations
    /usr/local/psa/var/modules/sslit/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json "contact":["mailto:[email protected]"],"agreement":null,"authorizations":[],"certificates":[]}

  1. Search for file under /usr/local/psa/var/modules/sslit/orders using the domain name:

    # grep -r "example.com" /usr/local/psa/var/modules/sslit/orders
    /usr/local/psa/var/modules/sslit/oders/73e9346c3fc065d13305183342f962c17b0bed5c.json

  1. Remove the json files found in steps 2 and 3;

    # rm -f /usr/local/psa/var/modules/sslit/orders/73e9346c3fc065d13305183342f962c17b0bed5c.json /usr/local/psa/var/modules/sslit/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json

  1. Log into Plesk;
  2. Reissue the Let's Encrypt SSL certificate at Domains > example.com > SSL/TLS Certificates.

For Windows Server

  1. Connect to the server via RDP;

  2. Go to the %plesk_dir%varmodulessslitregistrations folder:

  • Search for a json file that contains the email which is used for issuing a certificate. For example:

    "contact":["mailto:[email protected]"],"agreement":null,"authorizations":[],"certificates":[]}

  • Find and remove the json file related to example.com from  %plesk_dir%varmodulessslitorders
  1. Log into Plesk
  2. Reissue the Let's Encrypt SSL certificate at Domains > example.com > SSL/TLS Certificates.

Additional Information

Unable to install a Let's Encrypt certificate: Order's status ("pending") is not acceptable for finalization  

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2023 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with love with Plesk WP Toolkit

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt