My Plesk in google compute has this error in Let's Encrypt

It seems normal before, I get this error yesterday

Error: Could not issue a Let’s Encrypt SSL/TLS certificate for instance-2.asia-east2-a.c.abstract-web-255716.internal . (Google compute in Hongkong, run in centos 7)

Perhaps this domain is at risk group and is blacklisted on the Let’s Encrypt side.
See the related Knowledge Base article for details.
Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
Details:
Type: urn:ietf:params:acme:error:rejectedIdentifier
Status: 400
Detail: Error creating new order :: Cannot issue for “instance-2.asia-east2-a.c.abstract-web-255716.internal”: Name does not end in a public suffix

Hi @cmdntd,

Let’s Encrypt can never issue certificates for .internal names because they are private names, and a publicly-trusted CA is only allowed to issue certificates for public, globally-unique names.

Do you use HTTPS to access services on this machine? If so, what name do you access them under? Is there a different domain name that you used to use with this machine in the past?

Did you intentionally actively ask to enable HTTPS for this machine, or could it be something that happened automatically without your knowledge?

I just need ssl for login plesk at ip 35.241.127.98
Before I could login plesk by ssl normally. I don’t know why this cause. So I add more Certificates and see this error.

I have a default Certificate, but *.crt and *-ca.crt field is blank
And when I see plesk have ssl lost, some my web have image errors and I can’t see image

What domain name were you using for this before?

I just login by my IP: 35.241.127.98:8443 and by SSL normally
When I installed plesk, it had SSL and I had not must do anything until yesterday.

Plesk will use a self-signed certificate if you haven’t defined a FQDN hostname. Otherwise, it will automatically issue a Let’s Encrypt certificate.

There’s no way to fix that - having a FQDN is supposed to be a requirement for installing Plesk. Your .internal domain is not a FQDN.

When I installed plesk, it had SSL and I had not must do anything until yesterday.
Could I back to that situation?

How I add my domain to plesk to use FQDN hostname for plesk login?
Could I use subdomain for this?

Yes.

Click the "Via Command Line" section on https://support.plesk.com/hc/en-us/articles/213941265-How-to-change-or-get-the-server-hostname-on-Plesk-server .

This doesn't seem possible if you were using the IP address to access it. Perhaps you bypassed the SSL warning previously?

Some people have issues when rebooting EC2 instances that their server hostnames revert to the EC2-assigned hostname. Could this have happened to you?

I restarted instance, but nothing happened

I changed domain name, and got Encrypt cert sussesfully.
But my plesk login does not change to https (SSL) now. How could I do next?

My status image:

It is working for me - https://server.working24.net:8443

Can you try closing your browser tab and opening that link? Sometimes browsers cache the wrong SSL status.

Yes, it work now. Thanks
But when I login by old IP 35.241.127.98:8443, it is not redirect to new subdomain

But now I can’t. Could you check it for me: https://server.working24.net/
It seems like this:
https://tinyurl.com/y5dk73do

Why would it? You can ask Plesk to implement a redirect if that's what you need.

Use https://server.working24.net:8443 and forget about connecting via https://35.241.127.98:8443.

What did you expect to see?

If you don't have a Plesk account/website bound to that domain name, then it makes sense that you would see the default Plesk website.

Ah yes, I understood. Thanks

@_az, thank you for the helpful explanations here.

It can often be confusing that certificates and web server configurations are so specific to the name under which a service is accessed, so something is working perfectly when accessed using one name, but not at all when accessed with another name.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.