hi,
Check your .htaccess file for redirects. If there are complete matches for the entire domain, this won't be compatible with the Let's Encrypt challenge.
If it's not within your .htaccess file, within Plesk go to the domain and then Apache and nginx Settings.
If you have a blanket redirect, remove it and add it using the following guide: Plesk Onyx HTTPS redirect .