Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- Plesk Obsidian Version 18.0.61 Update #5 (or lower) with the following extensions:
  - SSL It! Version 1.15.2-3490 (or lower)
  - DNS Integration for Cloudflare® Version 1.0.2-329 (or lower)
  - Let's Encrypt Version 3.2.8-3078 (or lower)
- A brand new domain is configured in the DNS Integration for Cloudflare® extension by following these exact steps:
1. Add the domain to cloudflare.com via the Cloudflare dashboard and remove all DNS records on that end (in order to simulate a freshly registered domain)
2. Log into Plesk
3. Add the domain example.com
4. Go to the DNS Integration for Cloudflare® extension, select example.com and press the Export button
5. Go to the Cloudflare dashboard for example.com and enable proxy mode for all DNS records that support it one by one.
6. Go back to Plesk > DNS Integration for Cloudflare® extension, select example.com and press the Import button
Note: This effectively enables the auto sync for example.com (or at least should).
7. Finally, go to Plesk > Domains > example.com > Dashboard > SSL/TLS Certificates and attempt to issue a Wildcard Let's Encrypt certificate for the domain (check all boxes except the Assign the certificate to the mail domain)
At this point, the Wildcard SSL issuance process is not finalized after pressing the button, and going back to Plesk > Domains > example.com > Dashboard > SSL/TLS Certificates shows a screen similar to the following:
PLESK_INFO: Started issuing a wildcard SSL/TLS certificate from Let's Encrypt for the domain kaijujin.one.
At this point, the ACME challenge TXT record is already created and visible in Plesk > Domains > example.com > Hosting & DNS > DNS. However, it is not copied over to the primary DNS zone for the domain, which resides on the Cloudflare side, no matter how long you wait.
Please wait while Plesk finishes adding a DNS record with the following parameters:
Record type: TXT
Domain name: _acme-challenge.example.com
Record: ugd7h799RBmhfRHnl2NnW3KhiOK38P80IcKWNBVgMUQ
Before clicking "Continue", make sure that the DNS record was added and can be resolved externally.
To terminate and delete the existing certificate request, click "Cancel".
Cause
The Wildcard Let's Encrypt SSL issuance process is not finalized because the DNS Integration for Cloudflare® extension does not synchronize the ACME challenge TXT record with the DNS zone on the Cloudflare side as part of the Let's Encrypt Wildcard SSL issuance process.
This issue is tied to a known Plesk bug with ID #EXTPLESK-5633 that will be resolved in future versions of Plesk and the related extensions.
Once the bug is resolved permanently, it will appear in the Change Log for Plesk Obsidian.
Resolution
As a workaround, you may execute the following steps:
1. Log into Plesk
2. Go to DNS Integration for Cloudflare® extension, select example.com and press the Export button
Note: This will make the ACME challenge TXT record appear in the DNS zone for the domain on the side of Cloudflare.
3. Go to Plesk > Domains > example.com > Dashboard > SSL/TLS Certificates and press Continue
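Before pressing Continue in step 3, the challenge record can be checked from outside Plesk, as the issuance screen asks. The script below is an added example, not part of Plesk or its extensions; it assumes dig is installed and uses the public resolvers 1.1.1.1 and 8.8.8.8 as arbitrarily chosen external vantage points.

```shell
#!/bin/sh
# Added example: verify that the ACME challenge TXT record is visible outside Plesk.
# Usage: sh check_acme.sh example.com <record value shown by Plesk>

# Read `dig +short TXT` output on stdin; succeed if one record equals $1.
txt_matches() {
    [ -n "$1" ] || return 2
    # dig quotes TXT data and may split one record into several "chunks";
    # join the chunks and strip the outer quotes before comparing.
    # -F/-x: literal whole-line match; "--" because tokens may start with "-".
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' | grep -Fxq -- "$1"
}

# Query the zone's authoritative name servers plus two public resolvers.
# Returns 0 only if every one of them serves the expected value.
check_acme_txt() {
    acme_name="_acme-challenge.$1"
    acme_rc=0
    for acme_ns in $(dig +short NS "$1") 1.1.1.1 8.8.8.8; do
        if dig +short TXT "$acme_name" "@$acme_ns" | txt_matches "$2"; then
            echo "OK      $acme_ns"
        else
            echo "MISSING $acme_ns"
            acme_rc=1
        fi
    done
    return "$acme_rc"
}

# Run the check only when called with a domain and an expected value.
if [ "$#" -eq 2 ]; then
    check_acme_txt "$1" "$2"
fi
```

A MISSING line for the Cloudflare name servers means the Export in step 2 has not yet placed the record in the Cloudflare zone, so Continue should not be pressed yet.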