Symptoms
- Unable to issue Let’s Encrypt certificate for securing Plesk page:
PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed. Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/JwiJ1oPnjy-8ahXSzgbObDNjn9CrcIjzs87_H_7wEz8. Details:Type: urn:acme:error:unauthorized Status: 403. Detail: Invalid response from http://example.com/.well-known/acme-challenge/BjH29Kw9Ttp5bV1QV2kCFpAsGWEfONGUu4iY3bR_GqM:
- Plesk server hostname is some-subdomain.example.com. In the same time there is domain example.com with wildcard subdomain *.example.com.
Cause
It is a bug in the Let’s Encrypt with ID EXTLETSENC-383 . The fix is planned to be included in one the next updates of the extension.
Resolution
The only workaround is to disable wildcard subdomain *.example.com for the time of issuing certificate for Plesk, however this will break panel certificate future renewal.
To disable wildcard subdomain:
- Login to Plesk as admin user.
- Go to Domains > *.example.com > Disable.