Applicable to:
- Plesk Onyx for Linux
- Plesk Onyx for Windows
Symptoms
- External DNS is used;
- Cannot issue wildcard Let's Encrypt certificate as described in Plesk documentation:
PLESK_ERROR: Remove DNS record failure: DNS service is not enabled
Cause
Product issue:
- #EXTLETSENC-558 "It is now possible to issue wildcard SSL/TLS certificates from Let’s Encrypt if the BIND DNS server component is not installed."
Fixed in:
- Let’s Encrypt 2.8.1 04 July 2019
Resolution
Please consider updating your server:
Comments
8 comments
Will there be a solution soon?
Hello @Tekin,
Right now there is no exact ETA for the fix to become available.
Please click "Follow" to subscribe to this article and you will be notified when the fix becomes available.
Hopefully there's a fix for this soon. Thanks
In the meantime there is a workaround, just did it myself.
For anyone who can install Plesk services, install the BIND DNS service. Then go back to the Let's Encrypt menu and click Install.
It will load the next page with the relevant information needed to proceed to the next step. Simply go to your external DNS host and manually add the _acme-challenge TXT record with the given (bolded) string provided by Let's Encrypt, then return to the Let's Encrypt screen and continue.
It will correctly verify your domain, and you can safely disable the BIND DNS service on Plesk.
Be sure to leave the _acme-challenge on your DNS host.
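A check that can be run between adding the TXT record at the external DNS host and continuing in the Let's Encrypt screen (an added example, not part of the comment above and not Plesk's own tooling): it asks every authoritative nameserver for the _acme-challenge record and compares it with the string shown by the extension. It assumes `dig` is installed and that the base domain is passed for a wildcard certificate; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a manually created _acme-challenge TXT record is
# published on every authoritative nameserver before continuing in Plesk.

# txt_has_token TOKEN
# Reads `dig +short TXT` output on stdin and succeeds if one record equals
# TOKEN exactly. dig prints each value in double quotes, and one name can
# carry several TXT values (for example an older challenge left in place).
txt_has_token() {
    want=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=${line#\"}     # strip the leading quote
        value=${value%\"}    # strip the trailing quote
        [ "$value" = "$want" ] && return 0
    done
    return 1
}

# check_challenge DOMAIN TOKEN
# Queries each authoritative nameserver directly, so a cached answer from a
# recursive resolver cannot hide a record that is missing on one server.
check_challenge() {
    domain=$1; token=$2; rc=0
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" |
            txt_has_token "$token"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"
            rc=1
        fi
    done
    return $rc
}

# Run only when called with arguments:
#   sh check-challenge.sh example.com <string shown by Let's Encrypt>
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

A non-zero exit status means at least one nameserver does not yet serve the expected value, so the validation step is likely to fail if continued at that point.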
@Brian Graham
Thank you for sharing!
I've been using Plesk for years on numerous servers and one VPS and this is the very 1st time I get this error message. Hopefully, Brian's solution does work.
@Dinara, I've been able to renew an existing wildcard certificate now with the updated version of the extensions, but the auto renewal is not working. I am getting an email warning every night stating that:
Renewal of the following Let`s Encrypt certificates has failed:
...
Could not retrieve dns service status: DNS service is not enabled
But am I right in assuming that an auto renewal is not supported for wildcard certificates, as the DNS txt entry needs to be generated manually? (See this discussion.) Or is this exactly what the DNS service error is pointing to?
If manual action is required, it would be great to avoid the daily warning email and rather send 1 or 2 reminders closer to the time of expiry.
Hi Rene,
This is considered a bug, which is described in this article: https://support.plesk.com/hc/en-us/articles/360010149100.
It will be fixed in one of the upcoming product updates.