Symptoms
-
The Plesk of 18.0.26 version or newer is installed on the server
-
Unable to issue a Let’s Encrypt certificate in Domains > example.com > SSL/TLS Certificates > Install > Get it free, the process fails with the following error:
Could not access the following file or directory: 'C:Program Files (x86)Pleskvaracme-challenge/web.config'.
Please make sure that the domain's system user has read and write access to this file or directory.
The authorization token is not available at http://example.com/.well-known/acme-challenge/qgU4e7ba4V7Tk69t4hYIYm09LJHktMaJIhPIngrOYFM.
To resolve the issue, make sure that the token file can be downloaded via the above URL. -
The following messages can be found in the
%plesk_dir%adminlogsphp_error.logfile with the debug enabled:DEBUG [extension/sslit] Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/5298134528.<br>
Details:<br>
Type: urn:ietf:params:acme:error:unauthorized<br>
Status: 403<br>
Detail: Invalid response from http://example.com/.well-known/acme-challenge/ABCdE012_DRzM2ChDDWcqHwjZ5FORmnopq543210XYZ
[203.0.113.2]: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">rn<html
xmlns="http"<br>
INFO [extension/sslit] The count of the notifications which are waiting
to be sent: 143. -
Unable to secure (renew) Plesk interface with Let's Encrypt certificate in Tools & Settings > SSL & TLS certificates:
Could not request a Let's Encrypt SSL/TLS certificate for hostname.com
Go to http://hostname.com/.well-known/acme-challenge/HNYz-pKf-JtRgX-1gIFl2VrK2inUQs2uwIPWJuYnN3g and сheck if the authorization token is available.
If it is, try to request the certificate again. If the token is not available, there may be an issue with your DNS configuration.
Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP: 203.0.113.2
Cause
The misconfiguration of the Common Challenge Directory.
Resolution
Apply the following steps:
with