Windows / Plesk: Could not issue a Let's Encrypt SSL/TLS certificate for mydomain.com


#1

My domain is: themasterstroke.com

I ran this command: create new Let’s Encrypt certificate

It produced this output: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for mydomain .com . Authorization for the domain failed.
Details

Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/X2cfjDA4SYwrReayLghRZR21jqN6Cs6dFb0zC6sHNWQ.
Details:
Type: urn:acme:error:tls
Status: 400
Detail: Fetching https:// mydomain .com/.well-known/acme-challenge/9ll2APvcmH1uhKztKnZOx8RguxItvm7xy5ZvGgr48ME: local error: tls: no renegotiation

My web server is Server 2012 R2

The operating system my web server runs on is IIS 8

I can log in to a root shell on my machine but mostly manage via Plesk Onyx 17.5.3 Update #64

I’ve been working on this for the past 2 weeks but cannot resolve it. It started out as a non-renewal of the cert but even after deleting it, all attempts at creating a new one have failed so any help is greatly appreciated.


#2

Hi @dal1

Which tool do you use to order a new certificate? Looks like there is a redirect http -> https, because the Detail-Message says something about https. But I can’t see such a redirect:

| Domainname | Http-Status | redirect | Sec. | G | |
|---|---|---|---|---|---|
| http://themasterstroke.com/ 88.150.141.113 | 200 | | 0.124 | H | |
| http://www.themasterstroke.com/ 88.150.141.113 | 200 | | 0.127 | H | |
| https://themasterstroke.com/ 88.150.141.113 | 200 | | 1.760 | N | Certificate error: RemoteCertificateNameMismatch |
| https://www.themasterstroke.com/ 88.150.141.113 | 200 | | 1.470 | N | Certificate error: RemoteCertificateNameMismatch |
| http://themasterstroke.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 88.150.141.113 | 404 | | 0.083 | A | Not Found |
| http://www.themasterstroke.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 88.150.141.113 | 404 | | 0.060 | A | Not Found |

The certificate is wrong. But when validating, Let’s Encrypt ignores such a wrong certificate.


#3

I am using the LE plugin on Plesk. There is no domain redirect but I have a number of sites that share the same IP. My other https sites have LE certs which I have not had any issues with.

Apologies for the mydomain.com being used instead of themasterstroke.com. I copied it from notes when I substituted the domain.


#4

Sure?

There is the same problem - and the solution.

Details: Fetching ... : local error: tls: no renegotiation

Answer:

you have a permanent redirect to “https”, while Let’s Encrypt only validates over “http” and your currently used “default” certificate is invalid.
Pls. consider to remove your redirect and your default certificate and start over the certificate creation process and pls. inspect issues/errors/problems with Let’s Encrypt over your “panel.log”.


#5

This is what shows for https redirect so a bit puzzled:

However, I did remove the redirect early this morning (about 6 hrs ago) after I deleted the un-renewable cert from the server. I would not have thought it required propagation.


#6

I did remove the redirect early this morning (about 6 hrs ago) after I deleted the un-renewable cert from the server. I would not have thought it required propagation. Do the site bindings also need to be amended as they currently show both http (80) and https (443) entries?


#7

Resolved! It would seem propagation is a factor as, at last, the certificate was created. The big question now is will it autorenew or will I need to go through this every 3 months?

JuergenAuer, Thanks very much for your help!
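
The check discussed in this thread, as an added example that is not part of the original posts or of the Plesk extension: it starts at the plain-HTTP challenge URL, follows redirects one hop at a time, and reports any hop that moves to HTTPS or fails to fetch. The names `fetch_hop`, `trace_challenge`, `constructed_site`, the `preflight-test` token and the `example.test` host are assumptions made for illustration.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit
REDIRECTS = (301, 302, 303, 307, 308)

def fetch_hop(url, timeout=10):
    """GET one URL without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        # Cert checks off on purpose: post #2 says validation ignores a wrong cert.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(parts.netloc, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_challenge(domain, token="preflight-test", fetch=fetch_hop, max_hops=10):
    """Walk the chain from the plain-HTTP challenge URL; return (hops, findings)."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    hops, findings = [], []
    for _ in range(max_hops):
        try:
            status, location = fetch(url)
        except (OSError, http.client.HTTPException) as exc:  # ssl.SSLError is an OSError
            hops.append((url, None))
            findings.append(f"fetch failed at {url}: {exc}")
            break
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            break
        nxt = urljoin(url, location)
        if urlsplit(url).scheme == "http" and urlsplit(nxt).scheme == "https":
            findings.append(f"redirect to HTTPS: {url} -> {nxt}")
        url = nxt
    return hops, findings

def constructed_site(url):  # constructed stand-in: redirect to a broken TLS listener
    if url.startswith("https://"):
        raise ssl.SSLError("constructed handshake failure")
    return 301, "https://example.test" + urlsplit(url).path

if __name__ == "__main__":
    print(trace_challenge("example.test", fetch=constructed_site))
```

An empty findings list with a final 404 for the made-up token means the challenge path is served over plain HTTP with no redirect, which matches the 404 rows in post #2.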

