Could not issue a Let's Encrypt certificate: DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk

Comments

25 comments

  • Marco Burkhardt

    Cannot find solution 1

    1
  • Julian Bonpland Mignaquy

    Marco Burkhardt please double check if you have an AAAA record:

    dig @8.8.8.8 +short -t AAAA example.com

    If you do and the domain does not have an IPv6 assigned make sure the AAAA record is removed.

    Which part was not found?

    0
  • Renzo Witt

    Julian Bonpland Mignaquy

    Hi Julian,

    I cannot find solution 2 either.

    How can I assign an IPv6 to the domain? Could you please give me a more detailed explanation? That would be great.

    Thank you!

    Renzo

    0
  • Julian Bonpland Mignaquy

    Hi Renzo,

    Do you see an IPv6 in Tools and Settings > IP Addresses? If you don't, that explains why you do not see it in the domain's configuration.

    Do you see the IP in the "ip a" command via SSH? If you do, then hit Reread IP in Tools and Settings > IP Addresses.

    It may also be possible that IPv6 is not enabled? https://support.plesk.com/hc/en-us/articles/12377462694807-How-to-enable-IPv6-addresses-on-a-Plesk-server-

    If this does not help please open a support ticket with us https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-

    0
  • Michael Allen

    I am getting the same error message, but there is not an AAAA record in the DNS zone. So I cannot remove a non-existent record. Any advice?

    2
  • Julian Bonpland Mignaquy

    Hi Michael Allen, what is the output of "dig @8.8.8.8 +short -t AAAA example.com"? Replace example.com with the real domain.

    0
  • Enrique GO

    Hi Julian,

    I have a problem, I run the dig command and the response is empty, there is no IPv6 assigned.

    0
  • Julian Bonpland Mignaquy

    Enrique GO in that case make sure there is no IPv6 assigned in Domains > example.com > Hosting.

    0
  • Enrique GO

    Thanks for the response Julian,

    I finally found the problem. Next to the domain I was generating the SSL for 4 other domain aliases. One of them had an AAAA (IPv6) record for a subdomain. The error shown was referring to the main domain instead of the domain alias and that was causing the confusion.

    2
  • Bruno Redondo

    For me, it was giving the same error, and I did not have an AAAA record in the DNS zone. So I excluded the website from Cloudflare, installed the Cloudflare plugin on Plesk, exported configs to Cloudflare, and the certificate was issued. (As for solution 2, as a newbie on Plesk I did not know how to proceed.)

    0
  • Info

    I was going around the AAAA 400 firewall merry-go-round. Went into Tools & Settings > IP Addresses. Select the IP address and set the default site to "none". New cert, happy days. I wonder what idiot changed that setting a few months back, when I get my hands on him.... Why yes, I am self-employed, what of it?

    0
  • Aaron K (Edited)

    In my case, Cloudflare was blocking Let's Encrypt. I didn't have to do anything to DNS to resolve this. I changed Cloudflare WAF rules to allow Let's Encrypt.

    0
  • Larry Nedry (Edited)

    Both solutions are useless if the website is hosted elsewhere.

    All I need to do is create a certificate for webmail.

    1
  • Larry Nedry

    Website is hosted elsewhere as is my DNS.

    Neither solution will resolve the issue.

    0
  • Julian Bonpland Mignaquy

    Hi Larry, if the website resolves to an IP which is not Plesk, you will not be able to secure it from Plesk.

    0
  • Julian Bonpland Mignaquy

    Hi Larry Nedry, I missed your first message:

    All I need to do is create a certificate for webmail.

    Please proceed as follows:
    If the main domain in Plesk has the hosting type Website.
    1. Set Webmail to "None" in Domains > example.com > Mail > Mail settings
    2. Create a subdomain webmail.example.com in Subscriptions > example.com > Add Subdomain.
    3. Issue a Let's Encrypt certificate for it in Domains > webmail.example.com > Let's Encrypt.
    4. Secure the webmail with this certificate in Domains > example.com > Mail > Mail Settings > SSL/TLS certificate for webmail.
    5. Delete the subdomain webmail.example.com in Domains > webmail.example.com > Remove Subdomain.

    Note: Such a certificate will not be renewed automatically. Use the above steps to renew it when its expiration date is close.

    0
  • Mike Monnerie (Edited)

    I have Domain „A“ set up correctly and get a cert. Then I activate Domain „B“, and Let's Encrypt tells me that I have an AAAA record for Domain A, but not assigned an IP in Plesk. But everything works when I only have Domain A. Problems arise only when I try to include Domain B. What might be important is that my DNS is external, so Plesk/LE cannot change DNS entries.

    I’ve tried many scenarios, but don’t find it.
    What’s the problem?

    Screenshot: domain A=wortbildkoeniginnen.com
    domain B=textimagequeens.com and/or wortbildköniginnen.com, I tried both or single, no change.

    0
  • Julian Bonpland Mignaquy

    Hi Mike Monnerie, try removing this IP from your external DNS:

    dig +short textimagequeens.com AAAA
    2a02:c207:2068:4753::2abc
    1
  • Mike Monnerie (Edited)

    Seems I found the problem: my data center has moved to another location, and while IPv4 stayed the same, it seems they forgot/misconfigured IPv6. I found this website which really tests for IPv6 connections on websites, in case anyone else needs it:
    https://www.mythic-beasts.com/ipv6/health-check

    And my result is in this picture:

    0
  • Mehmet ALTINIŞIK

    First of all, I use deep translator. I use Plesk, but when I moved the site's DNS to Cloudflare, I ran into a big problem; in cPanel this process happened without any effort. Anyway, I created my own name servers on my own server, like ns1.benim.com and ns2.benim.com, and it was working fine. When I moved it to Cloudflare, the problems started. There is no IP on the server, there is only IPv4 in the Plesk panel, and the server DNS configuration is turned off, but this problem is not solved.

    Translated with DeepL.com (free version)

    0
  • Julian Bonpland Mignaquy

    Mehmet ALTINIŞIK, could you please provide more detailed errors? You mentioned there is no IP on the server. Is this an error you get in Cloudflare or in Plesk?

    I would recommend opening a support ticket with us in order to get to the bottom of this: https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk#:~:text=Login%20to%20Plesk%20support%20ticket,form%20%3E%20choose%20Technical%20Support%20Request.&text=If%20the%20license%20was%20purchased,will%20see%20the%20warning%20below.

    0
  • Robin Labadie

    For your info, I had this error while an IPv6 was properly assigned, and properly responding in DNS, and I was able to access the website using IPv6.

    The problem was, after a migration, I forgot to migrate the DNS zone for the alias, and it was still pointing to the old server.

    Therefore the error message was incorrectly reporting a problem on the main domain's AAAA, while the problem was on the alias. Plesk could handle this specific case in a better way. Would have saved me (and others likely many times) 15 mins. :)

    0
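Several comments above trace the error to an AAAA record on a domain alias or subdomain rather than on the main domain named in the message. The following is an added example, not part of the original thread or of Plesk's tooling: it runs the `dig` lookup quoted in the thread against every name included in the certificate and reports each AAAA answer that is not an address held by the server. The hostnames, the addresses and the `LIVE=1` switch are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (documentation prefix 2001:db8::/32), used unless LIVE=1.
sample_aaaa() {
  case "$1" in
    alias.example.net) echo "2001:db8:0:1::10" ;;  # stale record left on an alias
    www.example.com)   echo "2001:db8:0:2::20" ;;  # matches the server address
  esac
}
sample_local_ipv6() { echo "2001:db8:0:2::20"; }

# AAAA answers for one name; with LIVE=1 this is the dig command from the thread.
resolve_aaaa() {
  if [ "${LIVE:-0}" = 1 ]; then dig @8.8.8.8 +short -t AAAA "$1"
  else sample_aaaa "$1"; fi
}

# Global IPv6 addresses on this host (the same information "ip a" shows).
local_ipv6() {
  if [ "${LIVE:-0}" = 1 ]; then
    ip -6 -o addr show scope global | awk '{print $4}' | cut -d/ -f1
  else sample_local_ipv6; fi
}

# Print "name address" for every AAAA answer that is not configured on this host.
# Assumption: dig and ip both print addresses in the same compressed text form.
find_stray_aaaa() {
  for name in "$@"; do
    for addr in $(resolve_aaaa "$name"); do
      case "$addr" in *:*) ;; *) continue ;; esac  # skip CNAME targets in +short output
      local_ipv6 | grep -qixF "$addr" || echo "$name $addr"
    done
  done
}

# Pass the main domain plus every alias and subdomain selected for the certificate.
find_stray_aaaa example.com www.example.com alias.example.net
```

Any name it prints is a candidate for the record to remove from DNS or the address to assign in Plesk, whichever name the error message itself mentions.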
  • Julian Bonpland Mignaquy

    Hi Robin Labadie we have that reported as bug ID EXTSSLIT-1875 which will be fixed in future updates.

    0
  • Marcos Mansueti

    Hi, 

    If anyone uses Cloudflare and has that error, the solution is here: https://support.plesk.com/hc/en-us/articles/19574750125463/comments/28198333522711

    0
  • Julian Bonpland Mignaquy

    Hi Marcos Mansueti thank you, yes it is mentioned in the article as well:

    Note: If you use Cloudflare for DNS management and encounter this issue, refer to the following article:
    Let’s Encrypt for domain that uses Cloudflare fails: DNS zone contains an AAAA record but the domain is not assigned an IPv6 address in Plesk

    0
