Symptoms
-
Unable to issue a Let's Encrypt certificate in Domains > example.com > SSL/TLS Certificates > Install > Get it free:
Domain validation failed
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/uksG0XWFd8Yd6K51U09HosKjhS7jWF_xEMP5ru_OJ0Y
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> n<html xmlns="http" -
A
test.txtfile created in%plesk_dir%var/acme-challengefolder is accessible via athttp://example.com/.well-known/acme-challenge/test.txtin a web browser. -
SSL It! extension is disabled or absent in Extensions > My Extensions.
Cause
SSL It! extension was installed and enabled previously.
The common challenge directory is automatically activated when SSL It! extension is installed. After disabling or uninstalling SSL It!, a common challenge directory is still enabled, but Let's Encrypt is unable to use it in standalone mode.
This is SSL It! extension bug with the ID #EXTSSLIT-867, that will be fixed in the next extension updates.
Resolution
Until the bug will be fixed, apply one of the solutions below:
Enable SSL It! extension
-
Go to Extensions > My Extensions > SSL It!.
-
Press More and then Enabled button:
Disable Common Challenge Directory if SSL It! is disabled
-
Log into the server via RDP.
-
Execute the command below to enable SSL It! extension:
C:> plesk bin extension --enable sslit
-
Disable Common Challenge Directory:
C:> plesk ext sslit --common-challenge-dir -disable
-
Disable SSl It! extension:
C:> plesk bin extension --disable sslit
Disable Common Challenge Directory if SSL It! is uninstalled
-
Log into the server via RDP.
-
Execute the command below to disable Common Challenge Directory:
C:> plesk sbin websrvmng --remove-global-rewrite-rule --name=acme-challenge
with