Unable to issue a Let's Encrypt certificate for a domain in Plesk when DigitalOcean DNS extension is used: During secondary validation: Incorrect TXT record

Applicable to:

  • Plesk for Linux

Symptoms

  • When issuing a wildcard SSL certificate from Let's Encrypt, the operation fails with the error message:

    PLESK_ERROR: Domain validation failed: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/10877220745.
    Details:
    Type: urn:ietf:params:acme:error:unauthorized
    Status: 403
    Detail: During secondary validation: Incorrect TXT record "jAaVbSLm9IFo8Y7H4oTMEa5rMZlOAQ2hHHWKICTNhI4" found at _acme-challenge.example.com

  • DigitalOcean DNS extension is installed on the server.

  • The same TXT record that is provided in Plesk is propagated worldwide:

    # dig txt +short _acme-challenge.example.com
    "UwfPLPECXBW5xnLhROCaMj0enVfPvphesmREP5o5WNg"

Cause

The default DNS challenge confirmation interval of the SSL It! extension (dns-challenge-confirmation-interval) is not long enough for validation. By default, it is 1 hour.

Resolution

  1. Log in to Plesk.

  2. Install the Panel.ini Editor extension for Plesk.

  3. Go to Extensions > My Extensions > Panel.ini Editor > Open and switch to the Editor tab.

  4. Add the following lines:

    [ext-sslit]
    dns-challenge-confirmation-interval = 3 hour

  5. Save the changes.

    Note: If the issue persists after that, increase the value, for example, to '5 hour' or '1 day'.
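
The following shell functions are an added example, not part of the original article or of Plesk: they query each authoritative nameserver of the domain directly and report whether it returns the expected `_acme-challenge` TXT value, which a single `dig` through a caching resolver does not show. The names `classify_txt` and `check_challenge` are hypothetical, and the domain is assumed to be the apex of its DNS zone.

```shell
#!/bin/sh
# Added example (not Plesk code). Function names are hypothetical.
# Assumption: the domain passed in is the apex of its DNS zone.

# classify_txt EXPECTED ANSWERS
# ANSWERS is raw `dig +short txt` output, one quoted string per line.
# Prints: match (expected value present), stale (only other values), missing.
classify_txt() {
    expected=$1
    answers=$(printf '%s\n' "$2" | tr -d '"' | sed '/^$/d')
    if [ -z "$answers" ]; then
        echo missing
    elif printf '%s\n' "$answers" | grep -qxF -- "$expected"; then
        echo match
    else
        echo stale
    fi
}

# check_challenge DOMAIN EXPECTED
# Queries each authoritative nameserver directly, bypassing resolver caches.
# Returns 0 if all serve EXPECTED, 1 if any does not, 2 if no NS was found.
check_challenge() {
    domain=$1
    want=$2
    rc=0
    nameservers=$(dig +short ns "$domain")
    if [ -z "$nameservers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    for ns in $nameservers; do
        out=$(dig +short txt "_acme-challenge.$domain" "@$ns")
        state=$(classify_txt "$want" "$out")
        printf '%s %s\n' "$ns" "$state"
        [ "$state" = match ] || rc=1
    done
    return "$rc"
}

# Usage: check_challenge example.com "<TXT value shown in Plesk>"
```

A nameserver reported as `stale` or `missing` is still serving an old record or none.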
