Articles in this section

Unable to install Let's Encrypt certificate for a domain and alias: Error: Your domain in Plesk is hosted on the IP address(es) but the DNS challenge used another IP address

Vincent Lauton
Updated
kb: technical ext: le Plesk Onyx for Linux ABT: Group B Plesk Onyx for Windows

Applicable to:

  • Plesk Onyx for Linux
  • Plesk Onyx for Windows

Symptoms

  • Unable to secure a domain and its aliases using Let's Encrypt. The following error message appears in Plesk:

    PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
    Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address: 203.0.113.2.
    Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.

  • The following entries are found in /usr/local/psa/admin/logs/panel.log when Plesk debug mode is enabled:

    CONFIG_TEXT: WARN [extension/letsencrypt] Cannot get IP addresses for domain 'example2.com': Can not find domain by name 'example2.com'.
    DEBUG [extension/letsencrypt] pm_Exception: Can not find domain by name 'example2.com'

  • Domain alias is resolving to another server. This can be checked using the "nslookup" utility:

    # nslookup example.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    Name: example.com
    Address: 203.0.113.2

    # nslookup example2.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    Name: example2.com
    Address: 203.0.113.3

Cause

Aliases are resolving to a different server.

Resolution

Point DNS records of aliases to the Plesk server on a registrar side, wait for DNS propagation to be completed and secure the domain and alias;

OR

  1. Log into Plesk

  2. Go to Domains > example.com > SSL/TLS Certificates > Install

  3. Uncheck the alias example2.com in the Available Domain Aliases list:

    mceclip0.png

  4. Click Get it free.

Additionally, it is possible to enable Synchronize DNS zone with the primary domain option at Domains > example2.com to keep the DNS records synchronized between the domain and its alias.

Was this article helpful?

Comments

1 comment
Date Votes
  • Avatar
    Mathieu Peloquin

    What would be the troubleshooting steps, log files, etc. to find out what is happening when the domain alias is pointing to the same server (and was not changed lately, so no dns propagation involved) and we still get the same error?

    0

Please sign in to leave a comment.