Plesk 360 login
Free Trial

Knowledge Base

Unable to issue Let’s Encrypt certificate for domain in Plesk: misconfiguration of the Common Challenge Directory

 
applications extensionsdebugdnsdomainsgo

Symptoms

  • The Plesk of 18.0.26 version or newer is installed on the server

  • Unable to issue a Let’s Encrypt certificate in Domains > example.com > SSL/TLS Certificates > Install > Get it free, the process fails with the following error:

    Could not access the following file or directory: 'C:Program Files (x86)Pleskvaracme-challenge/web.config'.
    Please make sure that the domain's system user has read and write access to this file or directory.

    The authorization token is not available at http://example.com/.well-known/acme-challenge/qgU4e7ba4V7Tk69t4hYIYm09LJHktMaJIhPIngrOYFM.
    To resolve the issue, make sure that the token file can be downloaded via the above URL.

  • The following messages can be found in the %plesk_dir%adminlogsphp_error.log file with the debug enabled:

    DEBUG [extension/sslit] Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/5298134528.<br>
    Details:<br>
    Type: urn:ietf:params:acme:error:unauthorized<br>
    Status: 403<br>
    Detail: Invalid response from http://example.com/.well-known/acme-challenge/ABCdE012_DRzM2ChDDWcqHwjZ5FORmnopq543210XYZ
    [203.0.113.2]: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">rn<html
    xmlns="http"<br>
    INFO [extension/sslit] The count of the notifications which are waiting
    to be sent: 143.

  • Unable to secure (renew) Plesk interface with Let's Encrypt certificate in Tools & Settings > SSL & TLS certificates:

    Could not request a Let's Encrypt SSL/TLS certificate for hostname.com
    Go to http://hostname.com/.well-known/acme-challenge/HNYz-pKf-JtRgX-1gIFl2VrK2inUQs2uwIPWJuYnN3g and сheck if the authorization token is available.
    If it is, try to request the certificate again. If the token is not available, there may be an issue with your DNS configuration.
    Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP: 203.0.113.2

Cause

The misconfiguration of the Common Challenge Directory.

Resolution

Apply the following steps:

  1. Connect to the server via RDP

  2. Go to IIS > Sites > Find the Default Web Site site > If it doesn't exist, create it by clicking on Add Website... > Configure it as follows > Click OK:

    • Site name: Default Web Site

    • Application pool: DefaultAppPool

    • Physical path: %plesk_vhosts%defaulthtdocs

    • Binding type: http

    • IP address: All Unassigned

    • Port: 80

    • Hostname: <EMPTY>

    • Start Website immediately: Enabled

  3. Go to IIS > Sites > Find the acme-challenge site > If it exists, delete it by doing right-click on it and click on Remove

  4. Copy the file %plesk_dir%etcacme-challenge.config to the folder %plesk_dir%varacme-challenge

  5. Rename the file %plesk_dir%varacme-challengeacme-challenge.config to %plesk_dir%varacme-challengeweb.config

  6. Start a command prompt as Administrator

  7. Restore the acme-challenge site by executing the command:

    C:&gt…

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Install Unable to issue Let’s Encrypt certificate for domain in Plesk: misconfiguration of the Common Challenge Directory extension

Hostname or IP or URL of your Plesk instance: