Cannot renew wildcard cert using PleskWin

My domain is: bio-mail.com. Actually it is all of my domains on Plesk / Windows.

I ran this command: Just trying to Install or Reissue via Plesk

It produced this output:

Could not issue an SSL/TLS certificate for bio-mail.com
Details

Could not issue a Let's Encrypt SSL/TLS certificate for bio-mail.com.

The authorization token is not available at

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: Dedicated Server / OVH

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian 18

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

By the way, the Token is actually there. It has been created, but for some reason the message I am getting says it is not.

Welcome @Krammig

From your very long cert history I see you have been consistently getting a wildcard cert for that domain. That requires using the DNS Challenge. Have you changed anything with your DNS setup since your last good cert on Jan16?

Or, have you changed how you request the cert in your Plesk setup since then?

Here is just a small part of your cert history

2 Likes

Thanks for the swift reply Mike.

Nope that I can recall or am aware of. It seems the several domains I have with Let's Encrypt have all just stopped working. Odd I know.
A few of the others are:

Appactivator.com
Ardeun.com

I have left them as is with the "Your connection is not private" message.

Cheers

1 Like

You are probably better off asking OVH about this. Or even perhaps on a PleskWin forum.

A DNS Challenge is required for a wildcard cert. This works by placing a TXT record in your public DNS server by the ACME Client (PleskWin in your case).

You say the "token" is there but I don't see any TXT record right now. And, we often don't except for when the cert request is active. So, this doesn't mean anything except you said you see something.

I am pretty sure something has gotten mixed up between your PleskWin setup and your DNS server. That is something best resolved with OVH or PleskWin support.

The TXT record would be named:

_acme-challenge.bio-mail.com

And this is a good test site to check them: https://unboundtest.com/m/TXT/_acme-challenge.bio-mail.com/OQ7DT5UX

2 Likes
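As an added example (not part of the thread, and not Plesk's own code), the check described above can be reproduced offline: derive the TXT record name for each identifier, compute the value a DNS-01 challenge expects per RFC 8555 section 8.4, and compare it with what a TXT lookup returned. The thumbprint, tokens, domain names and DNS answers below are constructed sample values.

```python
import base64
import hashlib

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def challenge_record_name(identifier: str) -> str:
    """DNS-01 TXT name; a wildcard is validated at its base domain."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name

def expected_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def diagnose(pending: dict, thumbprint: str, observed: dict) -> dict:
    """Map each identifier to 'ok', 'missing' (no TXT at the name) or
    'mismatch' (TXT present, but not the value this order needs)."""
    result = {}
    for identifier, token in pending.items():
        values = observed.get(challenge_record_name(identifier), [])
        want = expected_txt_value(token, thumbprint)
        if not values:
            result[identifier] = "missing"
        elif want in values:
            result[identifier] = "ok"
        else:
            result[identifier] = "mismatch"
    return result

# Constructed sample data: account thumbprint, challenge tokens, DNS answers.
THUMBPRINT = "constructed-account-key-thumbprint"
PENDING = {"*.example.com": "tokenA", "example.com": "tokenB",
           "example.org": "tokenC"}
OBSERVED = {
    # The wildcard and the base name share one record name, so both values
    # must coexist there; here only the wildcard's value was published.
    "_acme-challenge.example.com": [expected_txt_value("tokenA", THUMBPRINT)],
}

if __name__ == "__main__":
    for ident, status in diagnose(PENDING, THUMBPRINT, OBSERVED).items():
        print(f"{ident:16} {challenge_record_name(ident):30} {status}")
```

In practice the observed values would come from a public TXT lookup such as the test site linked above, taken while the certificate request is still active.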

Thanks for that.

I think I might have solved it at least partially. It seems IIS was blocking that path. No idea why suddenly.

I added the following to the web.config file and I can now at least get into the folder.
Now trying to get to the file.

<add name="WellKnownStaticFiles" path=".well-known/*" verb="GET,HEAD" modules="StaticFileModule" resourceType="File" requireAccess="Read" />

Thanks for your input, appreciated. If I get it sorted out I will post the results here in case someone else falls into this.

Cheers

That location is used for an HTTP challenge but you cannot get a wildcard certificate using that method. You don't have to get a wildcard certificate but you have been for several years now. Something is very different recently.

3 Likes

Worth contacting PleskWin support. I suspect you are also using PleskWin as your DNS server for those domains and that's why it can use DNS domain validation to complete DNS challenges.

1 Like