- Plesk Onyx for Linux
- Plesk Security Advisor fails or the following command failed to create Let's Encrypt certificate:
# /usr/local/psa/bin/extension --exec letsencrypt cli.php -d $(hostname --fqdn) -m email@example.com
ERR [extension/letsencrypt] Execution of /opt/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed with exit code 1 and the output: Failed to pass challenges for domain 'example.com'
- During creating the certificate using GUI at Plesk > Extensions > Let's Encrypt the following error message appears:
PLESK_ERROR: Error: Unable to obtain Let's Encrypt SSL certificate because of incorrect DNS configuration for domain example.com.
Global DNS contains an AAAA record for IPv6, but in Plesk, the domain is assigned only an IPv4 address. To resolve the issue, either add an IPv6 address via Web Hosting Access settings, or remove the AAAA record from the global DNS for the domain. See the related Knowledge Base article for details.
Original error message:
Invalid response from http://example.com/.well-known/acme-challenge/IT--FjzY89nEcEQV-sublEQ-Y69FpXakfgdpVhDGrCU: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p"
Worldwide DNS servers contain an AAAA record for IPv6, but in Plesk, the domain is assigned only an IPv4 address.
Solution 1. Remove AAAA record from Global DNS server.
If IPv6 is not used on the server on the server access your registrar's panel and remove AAAA DNS record.
Note: It can take up to 48 to transfer DNS changes to worldwide DNS servers.
Solution 2. Assign IPv6 address to the subscription.
- Log into Plesk.
- Navigate to Plesk > Subscriptions > example.com > Web Hosting Access and assign a proper IPv6 address to the domain example.com or remove it from DNS records:
- Go to the Plesk > Extensions > Let's Encrypt > example.com and generate a certificate for the domain by pressing the button Install: