Let's Encrypt for domain that uses Cloudflare fails: DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.

Comments

4 comments

  • Avatar
    Unknown User

    Ditto… changing to Full (strict) does not change the outcome - still failing with:

    The domain.com DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk.

    To resolve the issue, either assign an IPv6 address to domain.com
    ("Websites & Domains" > "Web Hosting Access") or remove the AAAA record from the domain.com DNS zone.

    There are no AAAA records listed in the DNS configuration with Cloudflare, but they do resolve.

    It is also not possible to disable IPv6 with Cloudflare in the meantime.

    1
  • Avatar
    Ronny Steinmetz

    I am on Full (Strict) for over a year without any problem, but the latest renewals keep failing.

    0
  • Avatar
    Adrien Foulon (Edited )

    Also the same issue, and enabling strict mode does not solve it (it shouldn't matter anyway because it's not in proxy mode). I also do have an ipv6 address assigned to the domain in plesk.. So I really don't understand why there is this error

    Even deleting the AAAA record in cloudflare does not solve the issue

    Okay it turns out that this error message is just bugged and appears no matter what the real underlying error is, which is very misleading

    To get the error from lets encrypt you need to click on “+ details” on that error message

    0
  • Avatar
    Marcos Mansueti (Edited )

    The AAAA DNS record error it's because remember that may be you don't have the AAAA record on your DNS but CF yes on SOA zone.

    If you want to generate a Let's Encrypt free SSL on Plesk but the domain SOA it's on CloudFlare, the solution for this it's disable temporary proxy in @ and www records, turning off cloud icon.

    Wait 60 seconds. TTL 

    Go to Plesk generate Let's Encrypt, and them Plesk will show you the acme-challenge value for DNS. Copy and paste to apply the new value on CloudFlare.

    Wait 60 seconds

    Go to Plesk window again and press Continue. The new SSL cert will works now.

    Go to CloudFlare and turn on again the cloud icon in @ and www records.

    Remember that SSL Mode on CloudFlare must be strict.

    You must do this every three months.

    1

Please sign in to leave a comment.

Have more questions? Submit a request