Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
The domain is configured in CloudFlare and uses CloudFlare DNS;
-
Let's Encrypt certificate cannot be issued/renewed with the following error:
PLESK_ERROR: Your domain in Plesk is hosted on the IP address(es): 203.0.113.2 , but the DNS challenge used another IP address: 203.0.113.3.
Please check the actual DNS zone of your domain and make sure that the IP addresses in the DNS zone and for the hosting are the same.
PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com
The example.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.
To resolve the issue, either assign an IPv6 address to example.com ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the example.com DNS zone.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/qxK-vAPtGYg3YOSEcgZNB7HBd-unn4oX3GLtZWSxVPA.
Details:
Type: urn:acme:error:unauthorized
Status: 403 -
(optional) The captcha is enabled for the domain.
Cause
The token file is not accessible due to Cloudflare's cache.
Resolution
Note: In order to prevent such issues, exclude the token file path http://example.com/.well-known/acme-challenge/*
according to the instruction from Cloudflare: How do I exclude a specific URL from Cloudflare's caching?
- Clear the Cloudflare's cache using steps from Cloudflare's article: How do I purge my cache?
- (In case captcha is enabled) Disable captcha for the domain.
- Issue/renew Let's encrypt certificate: Log in to Plesk > Domains > example.com > SSL/TLS Certificates > Install/Reissue Certificate.
- (In case captcha was enabled) Enable captcha for the domain back.
Comments
0 comments
Please sign in to leave a comment.