Misconfiguration of the Common Challenge Directory | Fix-it
Misconfiguration of the Common Challenge Directory can be easily resolved with the help of our experts.
At Bobcares, we offer solutions for every query, big and small, as a part of our
Let’s take a look at how our
All About Misconfiguration of the Common Challenge Directory
The Let’s Encrypt certificate is sometimes not issued for a domain in Plesk. We can find the cause behind the issue by taking a look at the error message and studying the symptoms. Let’s Encrypt is a global CA. It allows organizations and people across the globe to obtain, renew as well as manage SSL/TLS certificates. In other words, websites use these certificates to enable secure HTTPS connections. Moreover, Let’s Encrypt also offers DV (Domain Validation) certificates.
In this particular scenario, we won’t be able to issue a Let’s Encrypt certificate at Domains > example.com > SSL/TLS Certificates > Get it free. It results in the following error:
Could not access the following file or directory: 'C:Program Files (x86)Pleskvaracme-challenge/web.config'. Please make sure that the domain's system user has read and write access to this file or directory.
The authorization token is not available at http://example.com/.well-known/acme-challenge/qgU4e7ba4V7Tk69t4hYIYm09LJHktMaJIhPIngrOYFM. To resolve the issue, make sure that the token file can be downloaded via the above URL.
Additionally, we will also come across the following message in the %plesk_dir%adminlogsphp_error.log file:
DEBUG [extension/sslit] Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/5298134528. Details: Type: urn:ietf:params:acme:error:unauthorized Status: 403 Detail: Invalid response from http://example.com/.well-known/acme-challenge/ABCdE012_DRzM2ChDDWcqHwjZ5FORmnopq543210XYZ [203.0.113.2]: "rn<html xmlns="http" INFO [extension/sslit] The count of the notifications which are waiting to be sent: 143.
Furthermore, another noticeable symptom is being unable to secure or renew the Let’s Encrypt certificate in Tools & Settings > SSL & TLS certificates:
Could not request a Let's Encrypt SSL/TLS certificate for hostname.com Go to http://hostname.com/.well-known/acme-challenge/HNYz-pKf-JtRgX-1gIFl2VrK2inUQs2uwIPWJuYnN3g and сheck if the authorization token is available. If it is, try to request the certificate again. If the token is not available, there may be an issue with your DNS configuration. Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP: 203.0.113.2
How to Resolve Misconfiguration of the Common Challenge Directory
- First, connect to the server with the help of RDP.
- Then, head to IIS > Sites > Find the Default Web Site site >. If the website is not present, we can click Add Website… then add the following information and enter OK:
- Site name: Default Web Site
- Application pool: DefaultAppPool
- Binding type: http
- Physical path: %plesk_vhosts%defaulthtdocs
- Hostname: <EMPTY>
- IP address: All Unassigned
- Port: 80
- Start Website immediately: Enabled
- Then, head to IIS > Sites > Find the acme-challenge site > and delete it by right-clicking on it and finally select Remove.
- After that, copy %plesk_dir%etcacme-challenge.config file to %plesk_dir%varacme-challenge folder.
- Next, we rename the file formt eh previous step to %plesk_dir%varacme-challengeweb.config.
- Then, start a command prompt as Administrator and run the following command to restore the acme-challenge:
C:>plesk sbin websrvmng –add-acme-challenge-site
- After that, execute the following command in order to set the proper permissions for the Common Challenge Directory:
C:>plesk repair --directory-permissions -directory "%plesk_dir%var"
- Finally, we disable and again enable Common Challenge Directory with these commands:
C:>plesk ext sslit --common-challenge-dir -disable C:>plesk ext sslit --common-challenge-dir -enable
[Looking for a solution to another query?
To conclude, our skilled