One of my clients is running the latest version of Plesk and is experiencing intermittent issues with LetsEncrypt being unable to validate different domains, citing 400 "Timeout" errors.
Due to the haphazard nature of the problem, I wanted to come here to see if anyone could potentially find something I may have missed. I have combed the server and have been unable to identify the underlying cause of the problem, although we have found a workaround which works sporadically.
I will explain everything below:
My IP is:
82.223.49.25
My domain is:
autobloccantiedil73.it
esteticadeatorino.it
lurgolog.it
I ran this command:
- Plesk's "LetsEncrypt" mechanism via SSLIt! (not sure how it does it)
- PunchSalad SSL generator (SSL Certificate Generator: Free letsencrypt SSL in minutes - PunchSalad)
It produced this output:
- On some occasions, a 400 error will be cited:

{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "82.223.49.25: Fetching http://www.lurgolog.it/.well-known/acme-challenge/maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk: Timeout during connect (likely firewall problem)",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/102417245607/9iUWXA",
  "token": "maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk",
  "validationRecord": [
    {
      "url": "http://www.lurgolog.it/.well-known/acme-challenge/maxXmLFtYHZx8T1Xfkedqzb25X5CLa2sw6vxjfR0YNk",
      "hostname": "www.lurgolog.it",
      "port": "80",
      "addressesResolved": [
        "82.223.49.25"
      ],
      "addressUsed": "82.223.49.25"
    }
  ],
  "validated": "2022-04-26T21:23:06Z"
}

On others, it will all work as expected.
The thing that's stumped me is the intermittent nature of it. Sometimes it will work without a hitch, other times it will not work at all.
My web server is (include version):
Plesk with Nginx/Apache.
The operating system my web server runs on is (include version):
CentOS Linux 7.9.2009 (Core)
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk Obsidian 18.0.43 Aggiorna #1
--
Any insights would be greatly received.
We managed to get around the issue by disabling the HTTP->HTTPS redirect inside Plesk as well as removing the "preferred domain" too. But this still only works around 80% of the time -- I really want to find out what is causing the issue.
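
An added example, not part of the original post: a small Python triage helper for saved ACME challenge objects like the one above, which reports the hop that failed (host, port, address) and whether a redirect was followed, then counts failures so an intermittent pattern becomes visible. The function names are hypothetical, the second and third sample objects are constructed, and it assumes `validationRecord` holds one entry per HTTP request the validator made, so more than one entry means a redirect was followed.

```python
import json
from collections import Counter

PREFIX = "urn:ietf:params:acme:error:"

def triage(challenge):
    """Reduce one ACME http-01 challenge object to the fields that locate a failure."""
    err = challenge.get("error") or {}
    hops = challenge.get("validationRecord") or []
    last = hops[-1] if hops else {}       # the hop the validator was on when it stopped
    etype = err.get("type", "")
    return {
        "status": challenge.get("status"),
        "error": etype[len(PREFIX):] if etype.startswith(PREFIX) else etype,
        "host": last.get("hostname"),
        "port": last.get("port"),
        "address": last.get("addressUsed"),
        "redirected": len(hops) > 1,      # assumption: one record per request made
        "candidates": len(last.get("addressesResolved", [])),
    }

def failure_counts(challenges):
    """Count invalid challenges by (error, address, port) to expose a pattern."""
    rows = [triage(c) for c in challenges]
    return Counter((r["error"], r["address"], r["port"])
                   for r in rows if r["status"] == "invalid")

# First object: fields copied from the challenge in the post.
# Second and third: constructed samples (example.test, 192.0.2.10) for contrast.
SAMPLES = json.loads("""[
 {"type":"http-01","status":"invalid",
  "error":{"type":"urn:ietf:params:acme:error:connection","status":400},
  "validationRecord":[{"hostname":"www.lurgolog.it","port":"80",
    "addressesResolved":["82.223.49.25"],"addressUsed":"82.223.49.25"}]},
 {"type":"http-01","status":"invalid",
  "error":{"type":"urn:ietf:params:acme:error:connection","status":400},
  "validationRecord":[
   {"hostname":"example.test","port":"80",
    "addressesResolved":["192.0.2.10"],"addressUsed":"192.0.2.10"},
   {"hostname":"example.test","port":"443",
    "addressesResolved":["192.0.2.10"],"addressUsed":"192.0.2.10"}]},
 {"type":"http-01","status":"valid",
  "validationRecord":[{"hostname":"example.test","port":"80",
    "addressesResolved":["192.0.2.10"],"addressUsed":"192.0.2.10"}]}
]""")

if __name__ == "__main__":
    for c in SAMPLES:
        print(triage(c))
    print(failure_counts(SAMPLES))
```

Failures that cluster on port 80 with no redirect point at inbound reachability of plain HTTP, while failures on a port 443 hop point at the redirect target instead.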