Unable to issue or renew Let's Encrypt certificate in Plesk when external DNS server is used: Incorrect TXT record

  • Julian Bonpland Mignaquy

    Kai Eisbrenner, in order to get the message again, go through the steps once again and click on Reissue certificate.

     

  • Kai Eisbrenner

    How to force the "Start to issuing" dialog in step 5, if Plesk does not show this? In the e-mail that says the ACME challenge is wrong, only the found wrong content is contained, but how to force to get the current expected in order to update the DNS entry (DNS servers are not on the same server as Plesk resides on)?

  • Maarten Westera

    I know, but what is annoying is that if you're relying on a 3rd party to create the TXT record, the webpage has expired before it can be created, and then you start again with a completely different record.

  • Mark Waterhouse

    I have come across this problem several times, as many Plesk installations are single nodes and therefore don't have multiple DNS servers.

    The 'fix' we have come up with is to request/renew the certificate via CLI

    So, for mydomain.com

    plesk bin extension --exec letsencrypt cli.php --webroot-path /var/www/vhosts/mydomain.com/httpdocs -d mydomain.com -d webmail.mydomain.com -d www.mydomain.com -m email@mydomain.com

     

    This negates the issue with DNS transfer timeouts

  • Felipe Santos (Edited)

    There is no button "Reissue certificate".
    - The issue was a firewall blocking.
    I would like to know which ports are needed for Let's Encrypt to generate a new SSL?

  • Marlon kokkonen

    Your "guide" fails to explain when Plesk chooses the DNS acme plugin, and when it chooses the http acme plugin. I never even get the Start to issuing dialog with the acme_challenge, just like Kai Eisbrenner, which you failed to understand as well. (Just like me, Kai never gets the prompt to validate the acme_challenge, because his Plesk is using the http acme plugin.) Instead my Plesk just uses DNS for one website, and HTTP for the other. Even just newly created sites are sometimes unable to request a certificate because Plesk chooses things without giving me the possibility to force anything.
    Also another thing, the Plesk Published Cloudflare plugin is supposed to force acme_challenges for sites using Cloudflare, this seems to work for random domains as well.

  • Julian Bonpland Mignaquy

    Hi Marlon, if you wish to see the screenshot from step 5, just navigate to Domains > example.com > SSL certificates > Reissue certificate > Let's Encrypt and make sure Wildcard is selected. (The path may change.)

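Several comments above turn on the external DNS servers not yet serving the expected TXT value when validation runs. As an added example (not part of the original thread and not Plesk's own tooling), this shell function asks each authoritative nameserver for the `_acme-challenge` TXT record and reports which ones still lack the expected value; it assumes `dig` is installed, and the domain, nameserver names and value in any invocation are placeholders.

```shell
#!/bin/sh
# Added example, not Plesk code. Run it after the DNS provider has created
# the record and before continuing the Let's Encrypt dialog in Plesk.

# dig prints TXT data in quotes and splits long values into several
# quoted strings; join them and drop the outer quotes.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# check_acme_txt DOMAIN EXPECTED_VALUE NAMESERVER...
# Prints one status line per nameserver.
# Returns 0 only if every nameserver serves EXPECTED_VALUE, 2 on bad usage.
check_acme_txt() {
  [ "$#" -ge 3 ] || { echo "usage: check_acme_txt DOMAIN VALUE NS..." >&2; return 2; }
  chk_domain=$1
  chk_expected=$2
  shift 2
  chk_rc=0
  for chk_ns in "$@"; do
    # Query the nameserver directly so resolver caches do not hide a mismatch.
    chk_found=$(dig +short TXT "_acme-challenge.${chk_domain}" "@${chk_ns}" | normalize_txt)
    if printf '%s\n' "$chk_found" | grep -qxF -- "$chk_expected"; then
      # Extra records from earlier attempts are harmless if the expected one exists.
      echo "OK    ${chk_ns}"
    elif [ -z "$chk_found" ]; then
      echo "NONE  ${chk_ns}"
      chk_rc=1
    else
      # Only other values are served, e.g. the record from a previous attempt.
      echo "STALE ${chk_ns}: $(printf '%s' "$chk_found" | tr '\n' ' ')"
      chk_rc=1
    fi
  done
  return "$chk_rc"
}
```

Call it as `check_acme_txt example.com <value-shown-by-Plesk> ns1.example.net ns2.example.net` and continue in Plesk only once it returns 0.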
