Error renewing Certificate in Plesk

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: publichealthgreybruce.on.ca

I ran this command: used the reissue certificate button in Plesk

It produced this output: Could not issue an SSL/TLS certificate for publichealthgreybruce.on.ca
Details

Could not issue a Let's Encrypt SSL/TLS certificate for publichealthgreybruce.on.ca.

The authorization token is not available at http://publichealthgreybruce.on.ca/.well-known/acme-challenge/0h-Lp9yYj9ZCPact6Z3UmRluQhogc5aBNhHB_njv-OI.
To resolve the issue, make sure that the token file can be downloaded via the above URL.

My web server is (include version): Windows

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Astral Internet

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

Of note, if I click on the URL (http://publichealthgreybruce.on.ca/.well-known/acme-challenge/0h-Lp9yYj9ZCPact6Z3UmRluQhogc5aBNhHB_njv-OI) it opens the contents of the file. Tried putting a test.txt file there but it won't open. If I remove the extension from the file it will open in my browser.

Only started using Let's encrypt in October and although Autorenew didn't work, I was able to manually renew the certificate

Is that test file still there? Because I can't open it, I get a 403 forbidden.

Also, from my point of view, all http:// requests for your site return a "403 forbidden" HTTP response. Instead, I would have expected an HTTP to HTTPS redirect.

yes the file is there and when I browse to http://www.publichealthgreybruce.on.ca/.well-known/acme-challenge/test the file opens. It also redirects to https for me.

In the Plesk console under the section for SSL/TLS Certificates for the domain I have enabled the radio button for "Redirect from http to https"

It does not for me:

osiris@erazer ~ $ curl -v http://www.publichealthgreybruce.on.ca/.well-known/acme-challenge/test
* Host www.publichealthgreybruce.on.ca:80 was resolved.
* IPv6: (none)
* IPv4: 104.254.180.54
*   Trying 104.254.180.54:80...
* Connected to www.publichealthgreybruce.on.ca (104.254.180.54) port 80
* using HTTP/1.x
> GET /.well-known/acme-challenge/test HTTP/1.1
> Host: www.publichealthgreybruce.on.ca
> User-Agent: curl/8.10.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 403 Forbidden
< Cache-Control: no-store, no-cache
< Server: Microsoft-IIS/10.0
< Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
< Access-Control-Allow-Origin: *
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ;                             script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ;                             img-src * data: blob: 'unsafe-inline' ;                             font-src * data: blob: 'unsafe-inline' ;                             style-src * data: blob: 'unsafe-inline' ;                             connect-src * data: blob: 'unsafe-inline' ;                             object-src 'none';                             frame-src * data: blob: ;                             frame-ancestors 'self' data:;                     
< X-UA-Compatible: IE=Edge,chrome=1
< Referrer-Policy: no-referrer-when-downgrade
< X-Permitted-Cross-Domain-Policies: none
< Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
< Expect-CT: enforce, max-age=300, report-uri='https://www.nameofsite.com/'
< Date: Thu, 13 Mar 2025 19:39:47 GMT
< Content-Length: 0
< 
* Connection #0 to host www.publichealthgreybruce.on.ca left intact
osiris@erazer ~ $ 

Using HTTPS I can see a "Test Page" in HTML though. But not using http://.