Knowledge Base

Unable to install Let’s Encrypt SSL in Plesk: Invalid response from example.com: 404 Not Found

 
applications extensionsplesk serverweb hostinguitls

 

Symptoms

example.com is resolved to IPv6 address that does not belong to Plesk server.

# dig +short AAAA example.com
2001:db8:f61:a1ff:0:0:0:80

Below error can occur if issue Let’s Encrypt certificate for

  • Unable to install Let’s Encrypt SSL. The following error is shown in Plesk UI: “404”, “Timeout”, “Could not connect”, “400”, “403”:

    PLESK_ERROR: <html><head>
    <title>404 Not Found</title>

    Or:

    PLESK_ERROR: Error: Let’s Encrypt SSL certificate installation failed: Challenge marked as invalid.

    Could not connect to example.com

    Or:

    PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.

    Type: urn:acme:error:connection
    Status: 400

    Or:

    PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. The authorization token is not available

    Status: 403
    Detail: Invalid response from http://example.com/.well-known/acme-challenge/abcdefghijklomnpqrstuvwxyz”

    Or:

    PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Details
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/
    Details:
    Type: urn:ietf:params:acme:error:connection
    Status: 400
    Detail: Fetching http://www.example.com/.well-known/acme-challenge/DltCvRcqSfcTjjsWAA43KFCi4jsRiZ91FlitL_tk6kE: Network unreachable

    PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com
    The example.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
    To resolve the issue, either assign an IPv6 address to example.com (“Websites & Domains” > “Web Hosting Access”) or remove the AAAA record from the example.com DNS zone.
    See the related Knowledge Base article for details.
    Details
    Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/qxK-vAPtGYg3YOSEcgZNB7HBd-unn4oX3GLtZWSxVPA.
    Details:
    Type: urn:acme:error:unauthorized
    Status: 403

Cause

The LetsEncrypt server is trying to validate domains through IPv6 as it is a preferred protocol, but IPv6 doesn’t exist on the server.

Resolution

Remove AAAA record from external DNS server for a domain and issue Let’s Encrypt certificate again.

Note: external DNS server for example.com can be found using a command:
dig +short NS example.com

Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt