Plesk

Unable to install a Let’s Encrypt certificate: User account ID doesn’t match account ID in authorization

  • Dmitry Bystrov

    • Symptoms

    Unable to install a Let's Encrypt SSL certificate at Plesk > Domains > example.com > SSL/TLS Certificates. The following error is shown:

    Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
    ...
    Details:
    Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: User account ID doesn't match account ID in authorization

    PLESK_ERROR:Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/finalize/69623824/3410853285.
    Details:
    Type: urn:ietf:params:acme:error:orderNotReady
    Status: 403
    Detail: Order's status ("pending") is not acceptable for finalization

    Cause

    An external Feature Request #EXTLETSENC-733 was created to fix it, which will be implemented in future product updates.

    Resolution

    1. Log into Plesk

    2. Try installing the Let's Encrypt SSL certificate again after some minutes at Domains > example.com > SSL/TLS Certificates.

    In case the issue persists, perform the following workaround:

    For Linux Server

    1. Connect to the server via SSH;

    2. Search for a json file that contains the email which is used for issuing the SSL certificate.

      # grep -r "john_doe@example.com" /usr/local/psa/var/modules/sslit/registrations
      /usr/local/psa/var/modules/sslit/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json "contact":["mailto:john_doe@example.com"],"agreement":null,"authorizations":[],"certificates":[]}

    1. Search for file under /usr/local/psa/var/modules/sslit/orders using the domain name:

      # grep -r "example.com" /usr/local/psa/var/modules/sslit/orders
      /usr/local/psa/var/modules/sslit/oders/73e9346c3fc065d13305183342f962c17b0bed5c.json

    1. Remove the json files found in steps 2 and 3;

      # rm -f /usr/local/psa/var/modules/sslit/orders/73e9346c3fc065d13305183342f962c17b0bed5c.json /usr/local/psa/var/modules/sslit/registrations/4635f4dcd23bae2f1412673473a8fb4c18390b72.json

    1. Log into Plesk;
    2. Reissue the Let's Encrypt SSL certificate at Domains > example.com > SSL/TLS Certificates.

    For Windows Server

    1. Connect to the server via RDP;

    2. Go to the %plesk_dir%varmodulessslitregistrations folder:

    • Search for a json file that contains the email which is used for issuing a certificate. For example:

      "contact":["mailto:john_doe@example.com"],"agreement":null,"authorizations":[],"certificates":[]}

    • Find and remove the json file related to example.com from  %plesk_dir%varmodulessslitorders
    1. Log into Plesk
    2. Reissue the Let's Encrypt SSL certificate at Domains > example.com > SSL/TLS Certificates.

    Additional Information

    Unable to install a Let's Encrypt certificate: Order's status ("pending") is not acceptable for finalization  

    Tweet
    Share
    Share
    Email
    0 Shares
    Exit mobile version