Could not issue a Let's Encrypt certificate: DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk

Follow

Comments

13 comments

  • Avatar
    Marco Burkhardt

    Cannot find solution 1

     

    1
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Marco Burkhardt please double check if you have an AAAA record:

    dig @8.8.8.8 +short -t AAAA example.com

    If you do and the domain does not have an IPv6 assigned make sure the AAAA record is removed.

    Which part was not found?

    0
    Comment actions Permalink
  • Avatar
    Renzo Witt

    Julian-Bonpland-Mignaquy

    Hi Julian,

    I cannot find solution 2 either.

    How can I assign an IPv6 to the domain. Could you please give me a more detailed explanation? That would be great.

    Thank you!

    Renzo

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Hi Renzo,

    DO you see an IPv6 in Tools and Settings > IP Addresses? If you don't that explains why you do not see it in the domain's configuration.

    Do you see the IP in the "ip a" command via ssh? If you do, then hit Reread IP in Tools and Settings > IP Addresses.

     

    It may also be possible that IPv6 is not enabled? https://support.plesk.com/hc/en-us/articles/12377462694807-How-to-enable-IPv6-addresses-on-a-Plesk-server-

    If this does not help please open a support ticket with us https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-

    0
    Comment actions Permalink
  • Avatar
    Michael Allen

    I am getting the same error message, but there is not an AAAA record in the DNS zone. So I cannot remove a non-existent record. Any advice?

    1
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Hi Michael Allen, what is the output of "dig @8.8.8.8 +short -t AAAA example.com". Replace example.com with the real domain.

    0
    Comment actions Permalink
  • Avatar
    Enrique GO

    Hi Julian,

    I have a problem, I run the dig command and the response is empty, there is no IPv6 assigned.

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy

    Enrique GO in that case make sure there is no IPv6 assigned in Domains > example.com > Hosting.

    0
    Comment actions Permalink
  • Avatar
    Enrique GO

    Thanks for the response Julian,

    I finally found the problem. Next to the domain I was generating the SSL for 4 other domain aliases. One of them had an AAAA (IPv6) record for a subdomain. The error shown was referring to the main domain instead of the domain alias and that was causing the confusion.

    1
    Comment actions Permalink
  • Avatar
    Bruno Redondo

    For me was giving the same error and did not have an AAAA record in the DNS zone. So I excluded the website from Cloudflare, installed Cloudflare Plugin on Plesk, exported configs to Cloudflare, and the certificate was issued. (the solution 2 for me as a newbie on Plesk, I did not know how to proceed)

    0
    Comment actions Permalink
  • Avatar
    Info

    I was going around the AAAA 400 firewall merry go round. Went into Tools & Settings > IP Addresses. Select the IP Address and set the default site to "none". New cert, happy days. I wonder what idiot changed that setting a few months back, when I get my hands on him.... Why yes, I am self employed what of it?

    0
    Comment actions Permalink
  • Avatar
    Aaron K (Edited )

    In my case, Cloudflare was blocking let's encrypt. I didn't have to do anything to DNS to resolve this. I changed Cloudflare WAF rules to allow let's encrypt.

    0
    Comment actions Permalink
  • Avatar
    Larry Nedry (Edited )

    Both solutions are useless if the website is hosted elsewhere.

    All I need to do is create a certificate for webmail.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request