To resolve the issue, make it is possible to download the token file via the above URL. See the related Knowledge Base article for details


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://the-devils-sanctum.info

I ran this command: Let’s Encrypt

It produced this output: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for the-devils-sanctum.info.

The authorization token is not available at https://the-devils-sanctum.info/.well-known/acme-challenge/LumNGLEgi0VrmLLT5L6KAPKh9ICfNAehp-v2TCHOGvg.
To resolve the issue, make it is possible to download the token file via the above URL.
See the related Knowledge Base article for details.

My web server is (include version): Plesk Onyx
Version 17.8.11 Update #6 running Centos 7.0.x

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):PLESK


#2

please show the log file:
/var/log/letsencrypt/letsencrypt.log

Also:
Although both IPv4 and IPv6 seem to work correctly:
Addresses: 2400:cb00:2048:1::681c:1360
2400:cb00:2048:1::681c:1260
104.28.18.96
104.28.19.96

Those IPs are from CloudFlare - which may have something to do with the problem you are having.


#3

Status: 403
Detail: CAA record for the-devils-sanctum.info prevents issuance
[2018-05-11 06:54:04.502] ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/CU6SzO9hHqifUiC7Q6fgTWh6ev4yw5dOMPNDs93C_PM.
Details:
Type: urn:acme:error:caa
Status: 403
Detail: CAA record for the-devils-sanctum.info prevents issuance
[2018-05-11 06:54:04.669] ERR [extension/letsencrypt] Failed to renew certificate of domain ‘the-devils-sanctum.info’: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/CU6SzO9hHqifUiC7Q6fgTWh6ev4yw5dOMPNDs93C_PM.
Details:
Type: urn:acme:error:caa
Status: 403
Detail: CAA record for the-devils-sanctum.info prevents issuance

i’ve switched off CloudFlare still getting the same issues.


#4

Your domains CAA record is preventing LE from issuing you a cert.
dig CAA the-devils-sanctum.info
;; ANSWER SECTION:
the-devils-sanctum.info. 300 IN CAA 0 iodef “the-devils-sanctum.info”
the-devils-sanctum.info. 300 IN CAA 0 issue “comodoca.com
the-devils-sanctum.info. 300 IN CAA 0 issue “digicert.com
the-devils-sanctum.info. 300 IN CAA 0 issue “globalsign.com
the-devils-sanctum.info. 300 IN CAA 0 issuewild “comodoca.com
the-devils-sanctum.info. 300 IN CAA 0 issuewild “digicert.com
the-devils-sanctum.info. 300 IN CAA 0 issuewild “globalsign.com


#5

By the way… that iodef setting doesn’t work. It has to be an http:, https: or mailto: URI, not just a hostname.

https://tools.ietf.org/html/rfc6844#section-5.4

(Let’s Encrypt doesn’t send iodef reports for failed validation attempts, though.)


#6

Thank you for the information,

The lets encrypt worked before plesk has done update don’t understand why stopped working i only have 24 days left when its expired it will not renew and it gives me that error above everytime. I disabled cloudflare thinking that was the issue, still having the same problem can please explain how to fix this issue.

thanks.


#7

in your DNS zone:
you need to add a CAA record for letsencrypt.org


#8

You should also remove the invalid CAA iodef record. In and of itself, it’s probably not breaking anything; however, if you delete it – without adding any other CAA records – Cloudflare’s systems may remove the other automagically generated issue and issuewild records, which would be another way of allowing Let’s Encrypt (and all CAs) to issue certificates again.


#9

Thank You, so much it’s now working :slight_smile: :slight_smile: Information: Let’s Encrypt SSL/TLS certificate has been installed on the-devils-sanctum.info.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.