Hello,
I am using the certificates on my private webserver at several domains and all works fine. Now I moved a photo gallery this weekend to the server too from my old one. There I am trying to install the certificate but Plesk shows me only the following error message.
As all domains are running with https this is the only one which does not work. Could you please help me?
System: Plesk Onyx v17.5.3_build1705170317.16 os_Ubuntu 14.04
OS: Ubuntu 14.04.5 LTS
Automatic updates are always on.
It can be hard for us to diagnose Plesk-related problems because we don’t really have visibility or control over the Plesk code base, and no Plesk developers have participated in this forum so far. It may be more effective to ask on a Plesk support forum instead.
The meaning of this error is that the Let’s Encrypt client used by Plesk is attempting to prove your control over this domain name, and is doing so by trying to create a file at a specified location on the site. However, when the certificate authority comes to check for the presence of this file, it instead receives a 404 Not Found error from your web server.
This could be because the webroot directory (i.e., the directory where files must be placed in order to be served by the web server as your web site’s content) was specified incorrectly. It could also be related to the web server configuration in some way, for example because it prohibits serving files from the chosen directory, or because it’s passing through requests as a reverse proxy to some other server, instead of serving files out of the filesystem at all. If you can find any unusual way in which the server is configured not to serve files from a directory on disk, or to forbid serving files from /.well-known, that could be related to this problem.
But I’m sorry to say that if Plesk made all of these decisions automatically without asking you, it’s likely to be a Plesk bug or a strange interaction between Plesk and other software, and can most likely only be solved by the Plesk developers.
Good luck resolving your problem and thanks for using Let’s Encrypt.
I’m having a similar issue.
[2017-06-01 20:19:43] ERR [extension/letsencrypt] Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Challenge marked as invalid. Details: Could not connect to xxxx
Execution of /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output:
Challenge marked as invalid. Details: Could not connect to xxxx
I will repeat what I said above that no Plesk developers have been known to participate in this forum and that we can’t easily debug Plesk-related problems. Generally only developers of the open-source Let’s Encrypt clients have personally participated in this forum. There is a Plesk-specific forum at
which would probably be more helpful.
To add something from another thread, most of the recent mysterious challenge failures (whether with Plesk or other clients) have been associated with Let’s Encrypt’s switch to prefer validations over IPv6 instead of IPv4. We’ve seen that many users have an IPv6 address that they’re advertising in DNS with an AAAA record, which they may not even have known or remembered about. Let’s Encrypt will try to connect to that address over IPv6 to perform the validation, and if there’s a timeout or 404 error, the challenge will be marked as failed. There is no direct evidence that that’s the specific reason for either of your problems (and redacting the domain name has prevented me from checking for myself!) but this is a good thing to look into in general. I would say that this has accounted for up to 60% of the problems that people have encountered with failed HTTP-01 challenges on all platforms since the change took effect.
I still hope that Plesk can fix this issue, because supporting IPv6 is useful for the future health of the Internet. If these bugs give everyone a reason to completely turn off IPv6 for their sites, that will be nice for HTTPS adoption, but at the expense of IPv6 adoption. So I hope to see a future solution where users can have both!
The tip with the AAAA entry solved my problems. The certificates are working, renewed and new for new domains. Only a error message appears about the webmail addres but this is something which is not important for me.