Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
The following error occurs on an attempt to secure domain/subdomain/alias with Let's Encrypt via Domains > example.com > SSL/TLS Certificates:
PLESK_ERROR: Detail: DNS problem: NXDOMAIN looking up A for alias.example.com
PLESK_ERROR: Detail: DNS problem: query timed out looking up A for alias.example.com
-
The following may be seen on the notification taskbar:
PLESK_WARN: An issue occurred while securing the domain example.com:
The certificate has been issued. Some alternative domain names were excluded.
Domains that have not been secured are listed below. Please secure them manually.
· www.example.com
· webmail.example.com
· alias.example.com -
The domain from the error,
alias.example.com
in this example, cannot be resolved globally.Note: The error may also occur for the
webmail.example.com
and for the domain withwww
prefix, e.g.www.example.com
.
- The domain/subdomain/alias does not resolve globally:
# dig @8.8.8.8 +short subdomain.example.com
#
# dig @8.8.8.8 +short alias.example.com
#
# dig @8.8.8.8 +short www.example.com
# -
The following can be found in
/var/log/plesk/panel.log
:CONFIG_TEXT: ERR [extension/letsencrypt] Domain validation failed for webmail.example.com: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/aIPfYgujjNY_d7gGU4g5iAfJ2HfieC5aAL1bwgSRJi8. Details: Type: urn:acme:error:connection Status: 400 Detail: dns :: DNS problem: NXDOMAIN looking up A for webmail.example.com
ERR [extension/letsencrypt] Domain validation failed: Missed domain names failed to pass validation: webmail.example.com
Cause
Missing DNS record
Resolution
Use one of the following solutions:
-
Correct DNS settings:
-
If Plesk is used as DNS server, add the required records as described in the following article How to add a DNS record for a domain in Plesk
-
In case if DNS are hosted outside of Plesk, create the records on the DNS registrars side.
Note: after correcting DNS settings, it is required to wait until a DNS zone is propagated through the Internet. It may take up to 48 hours.
-
-
Secure only main domain, e.g example.com:
-
Open Domains > example.com > SSL/TLS Certificates > Install(at the bottom) and leave only Secure the domain name checkbox toggled and issue the certificate:
Comments
0 comments
Please sign in to leave a comment.