Articles in this section

Unable to install Let's Encrypt certificate for the domain hosted in Plesk: SERVFAIL looking up A for example.com

Gabriel Aznarez
Updated
Plesk for Windows Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Let's Encrypt certificate cannot be installed with one of the following errors:

    Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/DEADBEEFMwVU3eZxfBU9-PRUcd51tflRLJD7CoBTxrQ.
    Details:
    Type: urn:acme:error:dns
    Status: 400
    Detail: DNS problem: SERVFAIL looking up A for example.com

    Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Details
    Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/0VWhDoTjEzzwPXNzPHd-zO73YAdXa8qgyac7eEiPQqY.
    Details:
    Type: urn:acme:error:connection
    Status: 400
    Detail: unknownHost :: No valid IP addresses found for example.com

    DNS problem: NXDOMAIN looking up A for example.com
    - check that a DNS record exists for this domain

  • A website example.com may be created recently.

  • Domain name cannot be resolved against some of global DNS resolvers:

    # dig example.com @8.8.8.8 +short
    #

  • Unable to issue the certificate for example.com with the following error message found at /var/log/panel.log:

    ERR [extension/sslit] Failed to renew certificate of domain 'example.com': Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/186606762567. Details: Type: urn:ietf:params:acme:error:dns Status: 400 Detail: no valid A records found for example.com; no valid AAAA records found for example.com

Cause

The DNS A type record does not exist or DNS propagation is not completed.

Resolution

Add the A DNS record type for the domain:

If it is not clear what NS servers are managing DNS for the domain:
  1. Go to the online NS record checker (for instance this one: Online tool for NS server check);
  2. Check if the NS servers are the same with the Domains > exmple.com > DNS Settings. If they are, then your DNS is managed by Plesk.
    If there are not matching or the option Domains > example.com > DNS Settings is absent, thus, 3-d party DNS server is used (i.e. DNS provider).
If DNS is managed in Plesk:

  1. Log into Plesk;

  2. Add record (type A) for the example.com in Plesk > Domains > example.com > DNS Settings > Add Record:

    border_plus_DNS.PNG

  3. Click OK.

If DNS is managed by a 3d-party DNS provider:

Contact the domain provider in order to add appropriate A record

Note: If record has been already added, but the error persist, it is required to wait for a while. DNS propagation may take up to 72 hours. Use this tool in order to check global DNS propagation: DNS Propagation Check.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.