Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
Let's Encrypt fails to secure a domain or its webmail with a certificate at Domains > example.com > Let's Encrypt because of IP address mismatch:
-
over IPv4
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Your domain in Plesk is hosted on the IP address(es): 203.0.113.2, but the DNS challenge used another IP address: 203.0.113.10. Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.
-
over IPv6
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Your domain in Plesk is hosted on the IP address(es): 203.0.113.2 2001:db8:f61:a1ff:0:0:0:80, but the DNS challenge used another IP address: 2001:db8:f61:a1ff:0:0:0:90. Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same
Cause
DNS misconfiguration: The domain IP address configured in Plesk at Domains > example.com > Web Hosting Access differs from the IP address to which the domain/webmail/www-subdomain resolves globally. Use the nslookup utility (available on Linux and Windows) to find actual (global) IP address of the domain:
C:\> nslookup example.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 10.55.253.101
Non-authoritative answer:
Name: example.com
Addresses: 2001:db8:f61:a1ff:0:0:0:90
203.0.113.10
It is not possible to secure a domain with "www" subdomain or webmail included, if "www" subdomain or webmail resolves to a different IP address.
Resolution
Apply one of the following solutions:
Solution I: Change the IP address in Plesk
-
-
In Plesk, go to Domains > example.com > Web Hosting Access.
-
Change an IP address for the A record to the global IP address.
-
Go to Domains > example.com > DNS Settings and make sure global IP address is shown for the A record.
-
Solution II: Change the IP address on registrar side
Change the IP address for the A record on the registrar's side to the one which is specified in Plesk. Note that a DNS change can take up to 24-48 hours to propagate globally.
Comments
0 comments
Please sign in to leave a comment.