
Cannot renew wildcard Let's Encrypt certificate: TXT record could not be created automatically.


Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • External DNS is used for the domain example.com.

  • The wildcard certificate cannot be renewed, and the Plesk administrator receives the following message:

    Cannot renew LE: Skip wildcard certificate renewal for the domain 'example.com'. TXT record could not be created automatically. Try to renew domain certificate manually.

Cause

The TXT record has not been added or updated for the domain example.com on the external DNS side. When external DNS is used, the TXT record must be added manually each time the Let's Encrypt certificate is re-issued.

Resolution

  1. Add the TXT record on the external DNS side.
  2. Log in to Plesk.
  3. Re-issue the certificate in Domains > example.com > SSL/TLS Certificates.
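
A pre-check between steps 1 and 3, as an added example that is not part of the Plesk article: it confirms that every authoritative nameserver of the external zone already serves the new challenge value at `_acme-challenge.<domain>`. It assumes `dig` is installed and that the domain is the zone apex; the function names, the script name and the sample values are illustrative.

```shell
# Added example: verify the ACME DNS-01 TXT record on all authoritative
# nameservers before re-issuing the wildcard certificate.
# Assumption: <domain> is the zone apex, so its NS records can be looked up.

# Print the TXT values a single nameserver returns for a name, unquoted.
txt_values_at() {            # usage: txt_values_at <nameserver> <name>
    dig +short +norecurse TXT "$2" "@$1" | tr -d '"'
}

# Exit status: 0 = every nameserver serves <token>
#              1 = at least one nameserver is missing it (old or no record)
#              2 = no NS records found for <domain>
acme_txt_ready() {           # usage: acme_txt_ready <domain> <token>
    local domain="$1" token="$2" ns servers missing=0
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    for ns in $servers; do
        # -F: literal match, -x: whole line, so a stale value never matches
        if txt_values_at "$ns" "_acme-challenge.$domain" | grep -Fxq -- "$token"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Script mode: sh check_acme_txt.sh example.com '<TXT value to publish>'
if [ "$#" -eq 2 ]; then
    acme_txt_ready "$1" "$2"
fi
```

Re-issue the certificate only once the check exits with status 0; a `MISSING` line means that nameserver still returns the previous value or none at all.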

Comments

1 comment
  • This is correct for the initial installation or manual reissue, but it appears that the current implementation of Let's Encrypt management tools has a limitation that it can not automatically renew a wildcard certificate if the DNS is hosted on an external server (i.e., AWS or other cloud provider) without manually reissuing it from the domain host and manually updating the acme_challenge txt record on the external DNS every time it must be renewed.

    "Wildcard certificates will not be renewed automatically if the DNS zone is managed by an external DNS server."  

    https://support.plesk.com/hc/en-us/articles/12377508658839--How-to-install-wildcard-certificates-in-Plesk-with-Let-s-Encrypt
