Cannot renew wildcard Let's Encrypt certificate: TXT record could not be created automatically.

  • Carlos Martínez Gadea

    I have the same situation and have had it for some years now. I always do what you suggested: I manually edit the TXT record on my external DNS zone (in the OVH company's panel) and then I manually re-issue the certificate. Although this works fine, it's a pity it can't work as it works automatically with a single certificate.

    I think this happens because the DNS is handled by my domain provider (OVH). How can I delegate this into my Plesk server so the DNS entries that are in Plesk are the ones that rule?

  • Julian Bonpland Mignaquy

    Carlos Martínez Gadea If you want to manage DNS from Plesk you can refer here https://support.plesk.com/hc/en-us/articles/360021907393--How-to-use-DNS-with-a-Plesk-server. You will need to point your NSs in OVH to Plesk. Please check the first section of the article.

  • Greg Wright

    This really is a pain in the butt. Why does it have to change the TXT record every time it renews? I renewed a whole bunch of certs today and then still got the notice about 6 hours later that it can't renew even though they were already renewed.

  • Andor Admiraal

    Can this maybe be made to work when using AWS Route 53 directly through Plesk using the official plugin? After all, all DNS changes are still made in Plesk first, so it should be easy to allow the SSL It! plugin to update the DNS for the certificate it wants to renew. It's kind of silly to constantly have humans log in to the server to renew expired certificates; it's just a copy-paste exercise within Plesk itself. Would write a script myself, but the API/CLI does not allow fetching the required value for the new TXT record from Let's Encrypt; it's only displayed in the interface.

    Perhaps this also holds for other DNS services when Plesk is used to update the DNS? 

    Alternatively, why not create an overview in Plesk with all certificates in Plesk which should be manually updated, and when? Perhaps even with the new TXT record values attached, so one can quickly go manually update all the DNS records, possibly even just copy-pasting them in a simple CLI script.

    Now we're dependent on filtering the barrage of emails to find out which certificates should be renewed each week; it's so much work that should really be automated. Since most emails are for certificates that are already removed and can thus never be updated, it's quite a bit of work and not exactly an ideal workflow. How hard could it be to just display all certificates and their expiration date, and whether they can automatically be renewed or need a manual DNS change in Plesk? This latter solution would also be very handy for those using an external DNS server that does not sync from Plesk.
