To resolve the issue, make it is possible to download the token file via the above URL. See the related Knowledge Base article for details

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://the-devils-sanctum.info

I ran this command: Let’s Encrypt

It produced this output: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for the-devils-sanctum.info.

The authorization token is not available at https://the-devils-sanctum.info/.well-known/acme-challenge/LumNGLEgi0VrmLLT5L6KAPKh9ICfNAehp-v2TCHOGvg.
To resolve the issue, make it is possible to download the token file via the above URL.
See the related Knowledge Base article for details.

My web server is (include version): Plesk Onyx
Version 17.8.11 Update #6 running Centos 7.0.x

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):PLESK

please show the log file:
/var/log/letsencrypt/letsencrypt.log

Also:
Although both IPv4 and IPv6 seem to work correctly:
Addresses: 2400:cb00:2048:1::681c:1360
2400:cb00:2048:1::681c:1260
104.28.18.96
104.28.19.96

Those IPs are from CloudFlare - which may have something to do with the problem you are having.

Status: 403
Detail: CAA record for the-devils-sanctum.info prevents issuance
[2018-05-11 06:54:04.502] ERR [extension/letsencrypt] Domain validation failed: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/CU6SzO9hHqifUiC7Q6fgTWh6ev4yw5dOMPNDs93C_PM.
Details:
Type: urn:acme:error:caa
Status: 403
Detail: CAA record for the-devils-sanctum.info prevents issuance
[2018-05-11 06:54:04.669] ERR [extension/letsencrypt] Failed to renew certificate of domain 'the-devils-sanctum.info': Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/CU6SzO9hHqifUiC7Q6fgTWh6ev4yw5dOMPNDs93C_PM.
Details:
Type: urn:acme:error:caa
Status: 403
Detail: CAA record for the-devils-sanctum.info prevents issuance

i've switched off CloudFlare still getting the same issues.

Your domains CAA record is preventing LE from issuing you a cert.
dig CAA the-devils-sanctum.info
;; ANSWER SECTION:
the-devils-sanctum.info. 300 IN CAA 0 iodef “the-devils-sanctum.info”
the-devils-sanctum.info. 300 IN CAA 0 issue “comodoca.com
the-devils-sanctum.info. 300 IN CAA 0 issue “digicert.com
the-devils-sanctum.info. 300 IN CAA 0 issue “globalsign.com
the-devils-sanctum.info. 300 IN CAA 0 issuewild “comodoca.com
the-devils-sanctum.info. 300 IN CAA 0 issuewild “digicert.com
the-devils-sanctum.info. 300 IN CAA 0 issuewild “globalsign.com

1 Like

By the way... that iodef setting doesn't work. It has to be an http:, https: or mailto: URI, not just a hostname.

(Let's Encrypt doesn't send iodef reports for failed validation attempts, though.)

Thank you for the information,

The lets encrypt worked before plesk has done update don’t understand why stopped working i only have 24 days left when its expired it will not renew and it gives me that error above everytime. I disabled cloudflare thinking that was the issue, still having the same problem can please explain how to fix this issue.

thanks.

in your DNS zone:
you need to add a CAA record for letsencrypt.org

You should also remove the invalid CAA iodef record. In and of itself, it’s probably not breaking anything; however, if you delete it – without adding any other CAA records – Cloudflare’s systems may remove the other automagically generated issue and issuewild records, which would be another way of allowing Let’s Encrypt (and all CAs) to issue certificates again.

Thank You, so much it’s now working :slight_smile: :slight_smile: Information: Let’s Encrypt SSL/TLS certificate has been installed on the-devils-sanctum.info.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.