
Issuing a Let's Encrypt SSL certificate failed: the domain's nameservers may be malfunctioning


Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Issuing or reissuing a Let's Encrypt SSL certificate for a Plesk domain fails with errors that are similar to the following:

    PLESK_ERROR: [2022-05-14 01:52:46.070] 30041:627efd312fc37 ERR [extension/letsencrypt] Domain validation failed for www.example.com: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/108318164646.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: 203.0.113.2: Fetching https://www.example.com/.well-known/acme-challenge/Lcri7ymOYda_DwacaWDVnukyUT49GXVvWMIZuPe-8Xk: DNS problem: SERVFAIL looking up A for www.example.com - the domain's nameservers may be malfunctioning; no valid AAAA records found for www.example.com
    [2022-05-14 01:52:58.866] 30041:627efd312fc37 ERR [extension/letsencrypt] Domain validation failed for example.com: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/108318236806.

Cause

DNS resolution fails temporarily because of network connectivity problems on the side of the server provider. If external nameservers are used and the primary DNS zone for the domain is external, connectivity problems with those nameservers are a likely cause.

Alternatively, all DNS records have been removed from the domain's primary DNS zone (regardless of whether that zone resides on the Plesk server or not).

Resolution

For the first scenario, wait until the server provider resolves the network connectivity problems, make sure the domain resolves properly, and then attempt to reissue the certificate.

If the primary DNS zone for the domain resides in Plesk, the DNS records for the domain have been removed entirely, and no records are shown at Plesk > Domains > Hosting & DNS > DNS, reset the DNS zone by following these steps:

1. Log into Plesk

2. Go to Domains > Hosting & DNS > DNS

3. Press the Reset to Default button

4. Confirm the IP address details on the next screen and press OK

This action recreates the necessary A and AAAA DNS records.
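To check that the domain resolves before reissuing the certificate in either scenario above, the following added example (not part of the original article or of Plesk) classifies `dig` output for the A and AAAA lookups that appear in the error message. The function names `dns_verdict` and `check_host` and the sample headers are constructed for illustration.

```bash
#!/bin/sh
# Added example (not Plesk code): classify `dig` output for a hostname so you
# can tell whether it resolves before reissuing the certificate.

# Constructed sample headers, in the format dig prints with +comments.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.example.com. 300 IN A 192.0.2.10'
SAMPLE_EMPTY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

# dns_verdict: read dig output on stdin and print one of
#   ok | servfail | no-records | no-response | other:<RCODE>
dns_verdict() (
  out=$(cat)
  rcode=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
  answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9][0-9]*\),.*/\1/p' | head -n 1)
  case "$rcode" in
    NOERROR)
      if [ "${answers:-0}" -gt 0 ]; then echo ok; else echo no-records; fi ;;
    SERVFAIL) echo servfail ;;
    '') echo no-response ;;   # timeout or no header in the output at all
    *) echo "other:$rcode" ;;
  esac
)

# check_host HOST [RESOLVER]: live lookup of A and AAAA (needs dig and network).
# RESOLVER is optional, e.g. one of the domain's own nameservers.
check_host() (
  host=$1
  resolver=${2:+@$2}
  for rtype in A AAAA; do
    # $resolver is left unquoted on purpose so it disappears when empty.
    result=$(dig $resolver +noall +comments +answer "$host" "$rtype" 2>/dev/null | dns_verdict)
    printf '%s %s %s\n' "$host" "$rtype" "$result"
  done
)
```

Source the file and run `check_host www.example.com`, optionally passing one of the domain's nameservers as the second argument. A `servfail` or `no-response` result means the lookup is still failing as in the error above.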
