If you receive a "Let's Encrypt SSL certificate installation failed: Challenge marked as invalid" error when trying to add a domain or renew an existing one, it may be that you have a redirect in Apache or .htaccess which is breaking the challenge response. The error will look like this: 

let's encrypt - challenge marked as invalid

To correct, check for redirects using the guide below.


  1. Check your .htaccess file for redirects. If there are complete matches for the entire domain, this won't be compatible with the Let's Encrypt challenge.
  2. If it's not within your .htaccess file, within Plesk go to the domain and then Apache and nginx Settings. If you have a blanket redirect (such as the one below), remove it and add it using the following guide: Plesk Onyx HTTPS redirect
    let's encrypt - additional apache directives
  3. Try to renew or create the SSL certificate via Let's Encrypt again.
  4. If there are errors still, please contact your hosting provider for further assistance.
Was this article helpful?

Related Articles