Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
Unable to issue a Let's Encrypt certificate for a domain in Plesk, the process fails with the following error message:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com
The example.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to example.com ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the example.com DNS zone.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/qxK-vAPtGYg3YOSEcgZNB7HBd-unn4oX3GLtZWSxVPA.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Cause
Domain resolves to an IPv6 address but the domain is not assigned or does not have an IPv6 in Plesk:
# dig @8.8.8.8 +short -t AAAA example.com
2001:db8:f61:a1ff:0:0:0:80
Resolution
Click on a section to expand
- Log in to Plesk
- Go to Domains > example.com > DNS Settings and remove AAAA record
- Log in to Plesk
- Go to Domains > example.com > Web Hosting Access and assign an IPv6 to the domain.
Note: IPv6 address should exist on network interface and in Tools & Settings > IP Addresses
Comments
9 comments
Cannot find solution 1
Marco Burkhardt please double check if you have an AAAA record:
If you do and the domain does not have an IPv6 assigned make sure the AAAA record is removed.
Which part was not found?
Julian Bonpland Mignaquy
Hi Julian,
I cannot find solution 2 either.
How can I assign an IPv6 to the domain. Could you please give me a more detailed explanation? That would be great.
Thank you!
Renzo
Hi Renzo,
DO you see an IPv6 in Tools and Settings > IP Addresses? If you don't that explains why you do not see it in the domain's configuration.
Do you see the IP in the "ip a" command via ssh? If you do, then hit Reread IP in Tools and Settings > IP Addresses.
It may also be possible that IPv6 is not enabled? https://support.plesk.com/hc/en-us/articles/12377462694807-How-to-enable-IPv6-addresses-on-a-Plesk-server-
If this does not help please open a support ticket with us https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
I am getting the same error message, but there is not an AAAA record in the DNS zone. So I cannot remove a non-existent record. Any advice?
Hi Michael Allen, what is the output of "dig @8.8.8.8 +short -t AAAA example.com". Replace example.com with the real domain.
Hi Julian,
I have a problem, I run the dig command and the response is empty, there is no IPv6 assigned.
Enrique GO in that case make sure there is no IPv6 assigned in Domains > example.com > Hosting.
Thanks for the response Julian,
I finally found the problem. Next to the domain I was generating the SSL for 4 other domain aliases. One of them had an AAAA (IPv6) record for a subdomain. The error shown was referring to the main domain instead of the domain alias and that was causing the confusion.
Please sign in to leave a comment.