Certificate Expired on ASPHostPortal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I started getting this error a few days ago:

NET::ERR_CERT_DATE_INVALID.

My hosting company said they couldn’t do anything about it and to contact Lets Encrypt.

Thank you for any help, Bill

My domain is:www.redargo.us

I ran this command:renew button on admin plesk website for ASPHostPortal

It produced this output:
Error: Could not issue a Lets Encrypt SSL/TLS certificate for redargo.us.

The authorization token is not available at http://redargo.us/.well-known/acme-challenge/w3_hib199YFA5ss4vsVMiy1P6GRGL9n3sU__Gx30g2w.
To resolve the issue, make sure that the token file can be downloaded via the above URL.
See the related Knowledge Base article for details.
Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/2874484991.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://redargo.us/.well-known/acme-challenge/w3_hib199YFA5ss4vsVMiy1P6GRGL9n3sU__Gx30g2w [5.10.109.53]: "\r\n<html xmlns=“http”

My web server is (include version): IIS

The operating system my web server runs on is (include version):Windows, not sure of the version

My hosting provider, if applicable, is: ASPHostPortal

I can login to a root shell on my machine (yes or no, or I don’t know): don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi,

This is an issue with Plesk’s implementation of acme-client for Let’s Encrypt.
Please see the below link and apply the solution under “For Windows servers" section:

Thank you

2 Likes

Thanks for the quick reply, but it looks like Deny access to the site is already set to Default. I changed it and changed it back, but that didn’t fix the issue.

1 Like

Please try to place a file (with any content) under $your_document_root/.well-known/acme-challenge/test123 and see if http://redargo.us/.well-known/acme-challenge/test123 has the correct content.

Thank you

1 Like

http://redargo.us/.well-known/acme-challenge/test123

403 - Forbidden: Access is denied.

Thank you

1 Like

Hi,

It looks like it's a permission issue for your Plesk Windows server.
Since it's not only Let's Encrypt's validation server not able to access the tokens, i (personally) don't think this is a Let's Encrypt CA issue, rather a server/configuration issue by your hosting provider.
As i only had experience with Plesk Linux, i don't know what to suggest for you to try.
The only thing i could suggest (without misleading you into a wild hunt) is to contact your hosting provider and ask them how to resolve this. If they don't know, suggest them to ask Plesk server support. (Your provider has better tools than an individual client had, and admin access to the server)

Thank you

2 Likes

I contacted my hosting provider and their suggestion was to delete the domain and start over. I may try to contact Plesk directly and see if they have any suggestions before I do that. Thank you again for your help.

1 Like

Sorry to hear that…
You can try to check if there’s any htaccess or any directive files that prevent (or not explicitely allow) that directory being displayed.

1 Like

Hi @wawalter

I'm not firm with Plesk Windows.

But that looks only like a wrong local configuration. Not enough rights.

Check the access list of that subdirectory and compare it with the access list of your root directory, the folder checked if http://redargo.us/ is called.

1 Like

I went ahead and deleted/recreated the domain and applied a new SSL certificate and that fixed the problem. Hopefully it won’t reoccur when the certificate needs to be renewed again. Thanks again for your suggestions.