Symptoms
example.com resolves to an IPv6 address that does not belong to the Plesk server:
# dig +short AAAA example.com
2001:db8:f61:a1ff:0:0:0:80
Below error can occur if issue Let’s Encrypt certificate for
-
Unable to install a Let’s Encrypt SSL certificate. One of the following errors is shown in the Plesk UI (“404”, “Timeout”, “Could not connect”, “400”, “403”):
PLESK_ERROR: <html><head>
<title>404 Not Found</title>
Or:
PLESK_ERROR: Error: Let’s Encrypt SSL certificate installation failed: Challenge marked as invalid.
…
Could not connect to example.com
Or:
PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
…
Type: urn:acme:error:connection
Status: 400
Or:
PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. The authorization token is not available
…
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/abcdefghijklomnpqrstuvwxyz”
Or:
PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: Fetching http://www.example.com/.well-known/acme-challenge/DltCvRcqSfcTjjsWAA43KFCi4jsRiZ91FlitL_tk6kE: Network unreachable
Or:
PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com
The example.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to example.com (“Websites & Domains” > “Web Hosting Access”) or remove the AAAA record from the example.com DNS zone.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/qxK-vAPtGYg3YOSEcgZNB7HBd-unn4oX3GLtZWSxVPA.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Cause
The Let’s Encrypt server tries to validate the domain over IPv6 because it is the preferred protocol, but that IPv6 address does not exist on the server.
Resolution
Remove the AAAA record for the domain from the external DNS server and issue the Let’s Encrypt certificate again.
Note: the external DNS server for example.com can be found using the command:
dig +short NS example.com
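To confirm the cause before changing DNS, the AAAA answer can be compared with the IPv6 addresses actually configured on the server. The script below is an added example, not part of the original article or of Plesk; its function names are hypothetical, the sample data is constructed, and it assumes "belongs to the server" means "is configured on a network interface" (it does not read Plesk's own IP assignments).

```python
import ipaddress
import subprocess
import sys

# Constructed sample data: the AAAA answer from the Symptoms section and
# an `ip -o -6 addr show` listing that does not contain that address.
SAMPLE_DIG = "2001:db8:f61:a1ff:0:0:0:80\n"
SAMPLE_IP = (
    "1: lo    inet6 ::1/128 scope host \\       valid_lft forever\n"
    "2: eth0    inet6 2001:db8:f61:a1ff::10/64 scope global \\       valid_lft forever\n"
    "2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \\       valid_lft forever\n"
)

def parse_dig_aaaa(output):
    """IPv6 addresses in `dig +short AAAA` output; CNAME targets are skipped."""
    addrs = set()
    for token in output.split():
        try:
            addrs.add(ipaddress.IPv6Address(token))
        except ValueError:
            continue  # not an address, e.g. "host.example.net."
    return addrs

def parse_ip_addr(output):
    """IPv6 addresses in `ip -o -6 addr show` output (prefix length dropped)."""
    addrs = set()
    for line in output.splitlines():
        fields = line.split()
        if "inet6" in fields:
            cidr = fields[fields.index("inet6") + 1]
            addrs.add(ipaddress.IPv6Interface(cidr).ip)
    return addrs

def foreign_aaaa(dig_output, ip_output):
    """AAAA targets not configured on this server, in compressed notation."""
    missing = parse_dig_aaaa(dig_output) - parse_ip_addr(ip_output)
    return [str(a) for a in sorted(missing)]

def run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check on the server: script.py example.com
        dig_out = run(["dig", "+short", "AAAA", sys.argv[1]])
        ip_out = run(["ip", "-o", "-6", "addr", "show"])
    else:                  # offline run on the constructed sample
        dig_out, ip_out = SAMPLE_DIG, SAMPLE_IP
    for addr in foreign_aaaa(dig_out, ip_out):
        print(f"AAAA {addr} is not configured on this server")
```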