Articles in this section

Unable to reissue the Let's Encrypt SSL certificate in Plesk: DNS problem SERVFAIL looking up TXT

Vincent Lauton
Updated
Plesk for Windows Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • After applying the instructions for the Let's Encrypt SSL certificate issuing from the article the following error message received:

    PLESK_ERROR: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/2634982859.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning

  • The used nameservers for the example.com are managed externally
  • The TXT record for example.com is not propagated globally:

    # dig -t txt _acme-challenge.example.com +short  @8.8.8.8
    #

Cause

The DNS TXT record was not added on the nameservers on the registrar-side.

Resolution

  1. Log in to Plesk

  2. Go to Domains > example.com > SSL/TLS Certificates > Install a free basic certificate provided by Let's Encrypt check the Issue a wildcard SSL/TLS certificate option and click on Install

    Note: After that do not click Continue/Reload

  3. Then add the described DNS TXT record on the nameservers on the registrar-side.

  4. After the TXT record was added on the nameservers on the registrar-side and DNS propagation will be finished, click Continue/Reload

Was this article helpful?

Comments

1 comment
Date Votes
  • Avatar
    Laurent Akn

    Do not work at all. 

    Despite Dig returns the good TXT records, there is no propagation, even after waiting more than 24hours… 

    0

Please sign in to leave a comment.