- Plesk Onyx for Linux
- Plesk Onyx for Windows
- The following error message appears in Plesk interface:
PLESK_ERROR: ERR [extension/letsencrypt] Domain validation failed for www.example.com: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/***. Details: Type: urn:acme:error:dns Status: 400 Detail: DNS problem: NXDOMAIN looking up A for www.example.com
Administrator receives email with the following content:
CONFIG_TEXT: Could not secure domains of example.com (login example.com) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:
The following domains have been secured without some of their Subject Alternative Names:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/Rkk0NW8e6gzIjOdQ7i83fVi03dSI_b0-41zYx2CnlWw.
Detail: DNS problem: NXDOMAIN looking up A for www.example.com
There is no DNS www record in Domains > example.com > DNS settings;
- Domain name containing www prefix is not resolved:
# dig +short www.example.com
- Domain without www prefix is successfully secured:
# curl --verbose -k https://example.com/ 2>&1 |grep -E "Connected to|subject|start|expire|common name|issuer"
Connected to example.com (203.0.113.2) port 443 (#0)
start date: Dec 10 10:18:06 2018 GMT
expire date: Mar 10 10:18:06 2019 GMT
common name: example.com
issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
- Option Keep website secured with free SSL certificate is enabled in Service Plans > Service Plan Name > Additional Services or in Subscriptions > example.com > Customize > Additional Services
- #EXTLETSENC-571 "The “Keep websites secured” option no longer unnecessarily reissues certificates trying to secure SANs (subdomains, domain aliases, or webmail) that do not exist or cannot pass HTTP challenge. “Keep websites secured” now checks if there are available SANs that can be secured and only then issues a certificate to secure them."
- Let’s Encrypt 2.8.0 28 May 2019
If update is not possible for some reason you may try the following
Apply one of the following workarounds:
- Login into Plesk;
Create a CNAME www record for the domain at Domains > example.com > DNS Settings:
Disable the Keep websites secured with free SSL Certificate feature for a subscription or its Service plan:
Set Let's Encrypt to None at Subscriptions > example.com > Customize > Additional Services or in Service Plans > Service Plan Name > Additional Services.