- Plesk for Linux
- Plesk for Windows
The following error occurs on an attempt to secure domain/subdomain/alias with Let's Encrypt via Domains > example.com > SSL/TLS Certificates:
PLESK_ERROR: Detail: DNS problem: NXDOMAIN looking up A for alias.example.com
PLESK_ERROR: Detail: DNS problem: query timed out looking up A for alias.example.com
The following may be seen on the notification taskbar:
PLESK_WARN: An issue occurred while securing the domain example.com:
The certificate has been issued. Some alternative domain names were excluded.
Domains that have not been secured are listed below. Please secure them manually.
The domain from the error,
alias.example.comin this example, cannot be resolved globally.
Note: The error may also occur for the
webmail.example.comand for the domain with
- The domain/subdomain/alias does not resolve globally:
# dig @220.127.116.11 +short subdomain.example.com
# dig @18.104.22.168 +short alias.example.com
# dig @22.214.171.124 +short www.example.com
The following can be found in
CONFIG_TEXT: ERR [extension/letsencrypt] Domain validation failed for webmail.example.com: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/aIPfYgujjNY_d7gGU4g5iAfJ2HfieC5aAL1bwgSRJi8. Details: Type: urn:acme:error:connection Status: 400 Detail: dns :: DNS problem: NXDOMAIN looking up A for webmail.example.com
ERR [extension/letsencrypt] Domain validation failed: Missed domain names failed to pass validation: webmail.example.com
Missing DNS record
Use one of the following solutions:
Correct DNS settings:
If Plesk is used as DNS server, add the required records as described in the following article How to add a DNS record for a domain in Plesk
In case if DNS are hosted outside of Plesk, create the records on the DNS registrars side.
Note: after correcting DNS settings, it is required to wait until a DNS zone is propagated through the Internet. It may take up to 48 hours.
Secure only main domain, e.g example.com:
Open Domains > example.com > SSL/TLS Certificates > Install(at the bottom) and leave only Secure the domain name checkbox toggled and issue the certificate: