Applicable to:
- Plesk Onyx for Linux
- Plesk Onyx for Windows
Symptoms
-
Unable to secure a domain and its aliases using Let's Encrypt. The following error message appears in Plesk:
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Your domain in Plesk is hosted on the IP address(es): , but the DNS challenge used another IP address: 203.0.113.2.
Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.
-
The following entries are found in
/usr/local/psa/admin/logs/panel.log
when Plesk debug mode is enabled:CONFIG_TEXT: WARN [extension/letsencrypt] Cannot get IP addresses for domain 'example2.com': Can not find domain by name 'example2.com'.
DEBUG [extension/letsencrypt] pm_Exception: Can not find domain by name 'example2.com' -
Domain alias is resolving to another server. This can be checked using the "nslookup" utility:
# nslookup example.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: example.com
Address: 203.0.113.2
# nslookup example2.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: example2.com
Address: 203.0.113.3
Cause
Aliases are resolving to a different server.
Resolution
Point DNS records of aliases to the Plesk server on a registrar side, wait for DNS propagation to be completed and secure the domain and alias;
OR
-
Log into Plesk
-
Go to Domains > example.com > SSL/TLS Certificates > Install
-
Uncheck the alias
example2.com
in the Available Domain Aliases list: -
Click Get it free.
Additionally, it is possible to enable Synchronize DNS zone with the primary domain option at Domains > example2.com to keep the DNS records synchronized between the domain and its alias.
Comments
0 comments
Please sign in to leave a comment.