Knowledge Base

Unable to issue Let’s Encrypt certificate for domain in Plesk: misconfiguration of the Common Challenge Directory

 
applications extensionsdnsdomainshostedhttps

Symptoms

  • The Plesk of 18.0.26 version or newer is installed on the server

  • Unable to issue a Let’s Encrypt certificate in Domains > example.com > SSL/TLS Certificates > Get it free, the process fails with the following error:

    Could not access the following file or directory: 'C:Program Files (x86)Pleskvaracme-challenge/web.config'.
    Please make sure that the domain's system user has read and write access to this file or directory.
    The authorization token is not available at http://example.com/.well-known/acme-challenge/qgU4e7ba4V7Tk69t4hYIYm09LJHktMaJIhPIngrOYFM.
    To resolve the issue, make sure that the token file can be downloaded via the above URL.

  • The following messages can be found in the %plesk_dir%adminlogsphp_error.log file with the debug enabled:

    DEBUG [extension/sslit] Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/5298134528.<br>
    Details:<br>
    Type: urn:ietf:params:acme:error:unauthorized<br>
    Status: 403<br>
    Detail: Invalid response from http://example.com/.well-known/acme-challenge/ABCdE012_DRzM2ChDDWcqHwjZ5FORmnopq543210XYZ
    [203.0.113.2]: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">rn<html
    xmlns="http"<br>
    INFO [extension/sslit] The count of the notifications which are waiting
    to be sent: 143.

  • Unable to secure (renew) Plesk interface with Let’s Encrypt certificate in Tools & Settings > SSL & TLS certificates:

    PLESK_ERROR: Could not request a Let’s Encrypt SSL/TLS certificate for hostname.com
    Go to http://hostname.com/.well-known/acme-challenge/HNYz-pKf-JtRgX-1gIFl2VrK2inUQs2uwIPWJuYnN3g and сheck if the authorization token is available.
    If it is, try to request the certificate again. If the token is not available, there may be an issue with your DNS configuration.
    Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP: 203.0.113.2

Cause

The misconfiguration of the Common Challenge Directory.

Resolution

Apply the following steps:

  1. Connect to the server via RDP

  2. Go to IIS > Sites > Find the Default Web Site site > If it doesn’t exist, create it by clicking on Add Website… > Configure it as follows > Click OK:

    • Site name: Default Web Site

    • Application pool: DefaultAppPool

    • Physical path: %plesk_vhosts%defaulthtdocs

    • Binding type: http

    • IP address: All Unassigned

    • Port: 80

    • Hostname: <EMPTY>

    • Start Website immediately: Enabled

  3. Go to IIS > Sites > Find the acme-challenge site > If it exists, delete it by doing right-click on it and click on Remove

  4. Copy the file %plesk_dir%etcacme-challenge.config to the folder %plesk_dir%varacme-challenge

  5. Rename the file %plesk_dir%varacme-challengeacme-challenge.config to %plesk_dir%varacme-challengeweb.config

  6. Start a command…

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2022 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WP Toolkit
Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt