Symptoms
- Unable to issue Let's Encrypt certificate for example.com:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com Authorization for the domain failed.
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Zsp9keucq_5bElhpjJS4VlApIYjwHcr9Tzr6Vb-0N9c.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://example.com/.well-known/acme-challenge/A0w1TWCsHraPRVnbD8Ds8o1FaiIv19Q-4wifWlGHv_0: Connection refused
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com Authorization for the domain failed.
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Zsp9keucq_5bElhpjJS4VlApIYjwHcr9Tzr6Vb-0N9c.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching https://www.example.com/.well-known/acme-challenge/Jp2aL_WXqqouVCnjLlEBGtzJwCezl006nviGzgKUVZA: Error getting validation data
Cause
Firewall settings filter incoming connections to ports 80 and/or 443.
Resolution
Modify firewall rules to allow incoming connections:
- Log in to Plesk via SSH
- Allow incoming connections to TCP ports 443 and 80:
  - For IPv4 connections, allow ports 80 and 443 using Plesk firewall
  - In case IPv6 is used, add firewall rules to ip6tables:
    - Execute the following commands:
      # ip6tables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
      # ip6tables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
    - Make the rules permanent:
      Debian/Ubuntu:
      # ip6tables-save > /etc/iptables/rules.v6
      RHEL/CentOS:
      # ip6tables-save > /etc/sysconfig/ip6tables
Note: If the issue persists after opening the ports, there may be an intermediate firewall in the network path. In this case, contact the service provider, or alternatively contact the registrar and disable AAAA records for the domain.
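To confirm that the saved IPv6 rules really admit ports 80 and 443, the ip6tables-save output can be checked for an ACCEPT rule that is reached before any catch-all DROP/REJECT, which is why the commands above insert at position 1. This is an added example, not part of the original article; the function names `port_state` and `sample_rules` and the sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example: report whether inbound TCP to a port is accepted by the INPUT
# chain of the filter table in ip6tables-save output read from stdin.
# Assumption: only plain "-p tcp --dport N" rules and unconditional DROP/REJECT
# rules are evaluated; rules scoped by -s or -i are skipped.
port_state() {
    awk -v port="$1" '
        /^[*]/ { table = substr($0, 2); next }   # table header, e.g. *filter
        table != "filter" { next }
        /^:INPUT / { policy = $2; next }         # chain policy line
        /^-A INPUT / && verdict == "" {          # first decisive rule wins
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
                verdict = "blocked"; next        # catch-all block reached first
            }
            tcp = 0; dport = ""; target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s" || $i == "-i") scoped = 1
            }
            if (tcp && !scoped && dport == port) {
                if (target == "ACCEPT") verdict = "open"
                else if (target == "DROP" || target == "REJECT") verdict = "blocked"
            }
        }
        END {
            if (verdict == "") verdict = (policy == "ACCEPT") ? "open" : "blocked"
            print verdict
        }'
}

WEB_RULES='-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed ip6tables-save output; $1 = none | top | bottom (where 80/443 sit).
sample_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    if [ "$1" = top ]; then echo "$WEB_RULES"; fi
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    echo '-A INPUT -j DROP'
    if [ "$1" = bottom ]; then echo "$WEB_RULES"; fi
    echo 'COMMIT'
}

for where in none top bottom; do
    echo "$where: tcp/80 $(sample_rules "$where" | port_state 80)"
done
```

On the server, run it against the persisted file, for example `port_state 443 < /etc/iptables/rules.v6`, or against the live rules with `ip6tables-save | port_state 80`.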