Plesk - token is available though I get error 403

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

When trying to renew the cert through Plesk, it states the token is not available and shows the path, BUT the token is there and downloadable.

Please advise.

My domain is: operibero.mx

I ran this command: plesk bin extension --exec letsencrypt cli.php -d operibero.mx -d webmail.operibero.mx -m jorge@develsoft.com.mx

It produced this output:

[2024-07-11 20:59:58.789] 7773:66909c2ec0734 ERR [extension/letsencrypt] The execution of cli.php has failed with the following message:
[2024-07-11 20:59:58.730] 7775:66909c2acb543 ERR [extension/letsencrypt] Domain validation failed for operibero.mx: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/375858665367.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 52.45.109.133: Invalid response from http://operibero.mx/.well-known/acme-challenge/H6MmM6459PmBsHL47oO2hvG2dEm3vmISbzaL2HqyQ8A: 403
[2024-07-11 20:59:58.747] 7775:66909c2acb543 ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/375858665367.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 52.45.109.133: Invalid response from http://operibero.mx/.well-known/acme-challenge/H6MmM6459PmBsHL47oO2hvG2dEm3vmISbzaL2HqyQ8A: 403
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/375858665367.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 52.45.109.133: Invalid response from http://operibero.mx/.well-known/acme-challenge/H6MmM6459PmBsHL47oO2hvG2dEm3vmISbzaL2HqyQ8A: 403
The execution of cli.php has failed with the following message:
[2024-07-11 20:59:58.730] 7775:66909c2acb543 ERR [extension/letsencrypt] Domain validation failed for operibero.mx: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/375858665367.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 52.45.109.133: Invalid response from http://operibero.mx/.well-known/acme-challenge/H6MmM6459PmBsHL47oO2hvG2dEm3vmISbzaL2HqyQ8A: 403
[2024-07-11 20:59:58.747] 7775:66909c2acb543 ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/375858665367.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 52.45.109.133: Invalid response from http://operibero.mx/.well-known/acme-challenge/H6MmM6459PmBsHL47oO2hvG2dEm3vmISbzaL2HqyQ8A: 403
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/375858665367.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: 52.45.109.133: Invalid response from http://operibero.mx/.well-known/acme-challenge/H6MmM6459PmBsHL47oO2hvG2dEm3vmISbzaL2HqyQ8A: 403

exit status 1

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux 7.9.2009 (Core)

My hosting provider, if applicable, is: own instance at AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian Version 18.0.60

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Welcome @jorgece1

The "403" at the end of the "Detail" message says the challenge was rejected by a "403 Forbidden" reply from your server.

When I access your domain I also get a 403 from a "BitNinja Captcha Server". This is probably also blocking the Let's Encrypt server.

curl -i http://operibero.mx
HTTP/1.1 403 Forbidden
Server: BitNinja Captcha Server

Can you disable that for HTTP challenges that look like this?

http://operibero.mx/.well-known/acme-challenge/ChallengeToken
2 Likes
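
Added example, not part of the original posts and not Plesk or BitNinja code: a small shell check that tells "the origin web server refused the challenge file" apart from "something in front of the web server answered instead", which is the distinction the reply above draws from the `Server:` header. The function name `classify_reply`, the probe token `probe-12345` and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# classify_reply EXPECTED_SERVER EXPECTED_BODY
# Reads one raw HTTP response (as printed by `curl -si`) on stdin and reports
# whether the probe file was served, refused by the origin web server, or
# answered by something sitting in front of it. Hypothetical helper.
classify_reply() {
    expected_server=$1
    expected_body=$2
    status= server= body= in_body=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')      # drop the CR of CRLF
        if [ "$in_body" -eq 1 ]; then
            body=$body$line
        elif [ -z "$line" ]; then
            in_body=1                                  # blank line ends headers
        else
            case $line in
                HTTP/*) status=${line#* }; status=${status%% *} ;;
                [Ss]erver:*) server=${line#*:}; server=${server# } ;;
            esac
        fi
    done
    case $server in
        *"$expected_server"*) from_origin=1 ;;
        *) from_origin=0 ;;
    esac
    if [ "$status" = 200 ] && [ "$body" = "$expected_body" ]; then
        echo "served"                                  # file reached the client intact
    elif [ "$from_origin" -eq 1 ]; then
        echo "origin-error status=$status"             # check vhost, permissions, rewrites
    else
        echo "intercepted status=$status server=$server"  # WAF, captcha or proxy replied
    fi
}

# Constructed sample responses. The status and Server lines of the first are
# the ones quoted in the reply above; bodies and the probe token are made up.
sample_waf() { printf 'HTTP/1.1 403 Forbidden\r\nServer: BitNinja Captcha Server\r\n\r\n<html>captcha</html>\n'; }
sample_ok() { printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS)\r\n\r\nprobe-12345\n'; }
sample_origin_403() { printf 'HTTP/1.1 403 Forbidden\r\nServer: Apache/2.4.6 (CentOS)\r\n\r\nForbidden\n'; }

sample_waf | classify_reply Apache probe-12345
sample_ok | classify_reply Apache probe-12345
sample_origin_403 | classify_reply Apache probe-12345

# Live use: put a file containing probe-12345 in the challenge directory, then
#   curl -si "http://$domain/.well-known/acme-challenge/probe.txt" | classify_reply Apache probe-12345
```

Run the live probe from a host outside the server, since a filtering layer may answer different clients differently and a fetch that works from your own machine does not show what the validation server receives.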

Thanks for your help.
The BitNinja captcha challenge is supposed to be disabled for this domain, I'll make sure it is.
The funny thing is that several other domains under the same working captcha challenge renewed just fine...
Anyway, let me disable captcha,
will try again and let you know.

2 Likes

Turned off BitNinja WAF and that solved it!
Thanks a lot, now I know that turning off specific modules is not enough.

Best regards,

2 Likes
