Could not issue an SSL/TLS certificate BECAUSE looking on HTTP and not HTTPS

My domain is:
eastshockey.org.au

I ran this command:
Renew Certificates which is set to auto but fails

It produced this output:

Could not issue an SSL/TLS certificate for eastshockey.org.au
Details

Could not issue a Let's Encrypt SSL/TLS certificate for eastshockey.org.au .

The authorization token is not available at http://eastshockey.org.au/.well-known/acme-challenge/ath0TxWiyUwNpWIUZoddrkPuTjrjzSDfp8NtlTune3Y.

To resolve the issue, make sure that the token file can be downloaded via the above URL.

My web server is (include version):
IIS

The operating system my web server runs on is (include version):
Windows Server

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk

QUESTION
I can see what is happening - the token is being created, but in a folder that requires HTTPS.
I did turn on HTTP to HTTPS redirect, but this seems its just for the folder content and NOT files.
What Config change do I need to make so that the file is available on HTTP or get the redirect to HTTPS work?
Running Windows Server IIS with Plesh desktop

Cheers
Philip

If I understand the problem correctly, your Plesk site only has an HTTPS binding, and not an HTTP one.

As a result, https://eastshockey.org.au/.well-known/acme-challenge/xyzxyz and http://eastshockey.org.au/.well-known/acme-challenge/xyzxyz refer to entirely different document roots.

I'm not super familiar with Plesk, but it might be the case that files under .well-known/acme-challenge/ are excluded from the site-wide 301 redirect. I know this is the case with Let's Encrypt integrations on other control panels.

If I were you, I try making sure that both HTTP and HTTPS bindings exist for the site. Then apply a 301 redirect using one of the two Alternative solutions for Windows Server listed here.

Otherwise, I guess you could try those solutions anyway and seeing whether it forces the contents of the acme-challenge directory to be redirected.

2 Likes