On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

Articles in this section

See more

Unable to reissue the Let's Encrypt SSL certificate in Plesk: DNS problem SERVFAIL looking up TXT

Avatar
Marc López
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • After applying the instructions for the Let's Encrypt SSL certificate issuing from the article the following error message received:

    PLESK_ERROR: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/2634982859.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning

  • The used nameservers for the example.com are managed externally
  • The TXT record for example.com is not propagated globally:

    # dig -t txt _acme-challenge.example.com +short  @8.8.8.8
    #

Cause

The DNS TXT record was not added on the nameservers on the registrar-side.

Resolution

  1. Log in to Plesk

  2. Go to Domains > example.com > Let's Encrypt or Domains > example.com > SSL/TLS Certificates > Install a free basic certificate provided by Let's Encrypt check the Issue a wildcard SSL/TLS certificate option and click on Install

    Note: After that do not click Continue/Reload

  3. Then add the described DNS TXT record on the nameservers on the registrar-side.

  4. After the TXT record was added on the nameservers on the registrar-side and DNS propagation will be finished, click Continue/Reload

Comments

3 comments

Sort by Date Votes
  • Avatar
    David Foy

    These appear to describe a previous version of Plesk. There is nothing in my Plesk panel that lets me go Domains>mydomain.com>Lets's Encrypt. When I do the next most logical thing (Websites & Domains>SSL/TLS Certificates>Install a free basic certificate provided by Let's Encrypt) and click Install, there is no DNS TXT record shown to me to add to my DNS. All I get is a choice of certificates, followed by the failure message,
    "Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/14789753017.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: DNS problem: SERVFAIL looking up A for [domain name]- the domain's nameservers may be malfunctioning"
    I troubleshoot: the nameservers at the registrar are set to ns1.vultr.com (and ns2 ditto), at vultr the DNS record is set to the correct IP for this domain, and when I go to whatsmydns.net and look for my domain name, I get the correct IP. And yet Letsencrypt is looking for something else. What?

     

    1
    Comment actions Permalink
  • Avatar
    Csteamleads

    Let's encrypt is broken within Plesk. Unable to verify A records, when each domain has valid A records that are globally propagated. No information to go off of either because Plesk doesn't update their documentation anymore.

    0
    Comment actions Permalink
  • Avatar
    Mario F

    Is there anybody that resolved this issue?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles