Plesk

Unable to issue Let’s Encrypt certificate in Plesk: cURL error 7: Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out

Symptoms

Unable to issue Let's Encrypt certificate in Plesk:

Could not issue an SSL/TLS certificate for example.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for example.com.

Failed to connect to the Let's Encrypt server https://acme-v02.api.letsencrypt.org.

Please try again later or report the issue to support.

Details
Could not obtain directory: cURL error 7: Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

Cause

Outgoing connections from the server on port 443 to host acme-v02.api.letsencrypt.org (Let's Encrypt server) are blocked by a local or intermediate firewall.

Attempts to reach Let's Encrypt servers via CLI fail:

# curl -v https://acme-v02.api.letsencrypt.org
* Rebuilt URL to: https://acme-v02.api.letsencrypt.org/
* Trying 172.65.32.248...
* TCP_NODELAY set
* Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Network is unreachable

# traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 44 byte packets
1 203.0.113.2 (203.0.113.2) 0.040 ms 0.019 ms 0.020 ms
2 * * *
3 * * *
4 * * *

Resolution

The results of the traceroute command indicate where the connection is blocked: on the server itself or on the intermediate firewall.

Apply the solution from this article or contact the network administrator to allow connections to all of those IPs/ports on the server and on the intermediate firewall.
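
The traceroute reading described under Resolution, as an added shell example (not Plesk's own tooling): classify_trace is a hypothetical helper that reports whether the TCP/443 path reached the target, stopped after a responding hop, or never got any reply. The verdict names (open, intermediate, local) and the second sample are constructed for this example, and the parser assumes the default traceroute output format shown above.

```shell
#!/bin/sh
# Added example: classify `traceroute -T -p 443 <host>` output read on stdin.
# Heuristic only: a "* * *" hop can also be a router that does not send
# ICMP time-exceeded replies, so confirm the verdict against firewall rules.
classify_trace() {
    awk '
        # Header: "traceroute to NAME (IP), 30 hops max, ..."
        $1 == "traceroute" { target = $4; gsub(/[(),]/, "", target); next }
        # Hop line: "<n> <host> (<ip>) <rtt> ms ..." or "<n> * * *"
        $1 ~ /^[0-9]+$/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^\(.*\)$/) {
                    ip = substr($i, 2, length($i) - 2)
                    last_hop = $1; last_ip = ip
                    if (ip == target) reached = 1
                }
        }
        END {
            # open: target answered; local: no hop answered, check the
            # server firewall first; intermediate: path died after a hop.
            if (reached)             print "open hop=" last_hop
            else if (last_hop == "") print "local"
            else print "intermediate after_hop=" last_hop " ip=" last_ip
        }
    '
}

# Sample taken from the Cause section of this page (path dies after hop 1).
sample_blocked() {
    cat <<'EOF'
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 44 byte packets
1 203.0.113.2 (203.0.113.2) 0.040 ms 0.019 ms 0.020 ms
2 * * *
3 * * *
4 * * *
EOF
}

# Constructed sample: same target, destination answers on hop 3.
sample_open() {
    cat <<'EOF'
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 44 byte packets
1 203.0.113.2 (203.0.113.2) 0.040 ms 0.019 ms 0.020 ms
2 * * *
3 172.65.32.248 (172.65.32.248) 4.210 ms 4.198 ms 4.305 ms
EOF
}

sample_blocked | classify_trace   # intermediate after_hop=1 ip=203.0.113.2
sample_open | classify_trace      # open hop=3
```

On a live server, pipe the real command into it: `traceroute -T -p 443 acme-v02.api.letsencrypt.org 2>&1 | classify_trace` (the `2>&1` keeps the header line in the stream on traceroute builds that print it to stderr).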