Articles in this section

See more

Unable to install wildcard Let's Encrypt certificate on Plesk server: Remove DNS record failure: DNS service is not enabled

Avatar
Dinara Aspembitova
Updated
Follow

Applicable to:

  • Plesk Onyx for Linux
  • Plesk Onyx for Windows

Symptoms

  • External DNS is used;
  • Cannot issue wildcard Let's Encrypt certificate as described in Plesk documentation:

    PLESK_ERROR: Remove DNS record failure: DNS service is not enabled

Cause

Product issue:

  • #EXTLETSENC-558 "It is now possible to issue wildcard SSL/TLS certificates from Let’s Encrypt if the BIND DNS server component is not installed."
    Fixed in:

Resolution

Please consider updating your server:

Comments

8 comments

Sort by Date Votes
  • Avatar
    Fatih Tekin

    Will there be a solution soon?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Tekin,

    Right now there is no exact ETA for the fix to become available. 

    Please, click "Follow" to subscribe to this article and you will be notified when fix will become available.

    0
    Comment actions Permalink
  • Avatar
    Glenn

    Hopefully there's a fix for this soon. Thanks

    0
    Comment actions Permalink
  • Avatar
    Brian Graham

    In the meantime there is a workaround, just did it myself.

    For anyone who can install plesk services, install the BIND DNS service. Then go back to the lets encrypt menu and click Install.

    It will load the next page with the the relevant information needed to proceed to the next step. Simply go to your external DNS host and manually add the _acme-challenge TXT record with the given (bolded) string provided by lets encrypt, then return to the lets encrypt screen and continue.

    It will correctly verify your domain, and you can safely disable the BIND DNS service on plesk.

    Be sure to leave the _acme-challenge on your DNS host.

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    @Brian Graham

    Thank you for sharing!

    0
    Comment actions Permalink
  • Avatar
    Guilain

    I've been using Plesk for years on numerous servers and one VPS and this is the very 1st time I get this error mesage. Hopefully, Brian's solution does work

    0
    Comment actions Permalink
  • Avatar
    Rene Hamburger

    @Dinara, I've been able to renew an existing wildcard certificate now with the update version of the extensions, but the auto renewal is not working. I am getting an email warning every night stating that:

        Renewal of the following Let`s Encrypt certificates has failed:

        ...

        Could not retrieve dns service status: DNS service is not enabled

    But am I right in assuming that an auto renewal is not supported for wildcard certificates, as the DNS txt entry needs to be generated manually? (See this discussion.) Or is this exactly what the DNS service error is pointing to?

    If manual action is required, it would be great to avoid the daily warning email and rather send 1 or 2 reminders closer to the time of expiry. 

    0
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    Hi Rene,

    This is considered as a bug which is described in this article https://support.plesk.com/hc/en-us/articles/360010149100.

    It will be fixed in one of the upcoming product updates.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles