Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- After following the instructions from the article for issuing a Let's Encrypt SSL certificate, the following error message is received:
PLESK_ERROR: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/2634982859.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning
- The nameservers used for example.com are managed externally
- The TXT record for example.com is not propagated globally:
# dig -t txt _acme-challenge.example.com +short @8.8.8.8
#
Cause
The DNS TXT record was not added on the nameservers on the registrar side.
Resolution
- Log in to Plesk.
- Go to Domains > example.com > SSL/TLS Certificates > Install a free basic certificate provided by Let's Encrypt, check the Issue a wildcard SSL/TLS certificate option, and click Install.
  Note: Do not click Continue/Reload after that.
- Then add the described DNS TXT record on the nameservers on the registrar side.
- After the TXT record has been added on the nameservers on the registrar side and DNS propagation has finished, click Continue/Reload.
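The last step only succeeds if the record is already being served when Continue/Reload is clicked. The following added example (not part of the original article and not Plesk tooling) checks that with dig against each authoritative nameserver and 8.8.8.8, and reports SERVFAIL separately from a missing record; the function names and the usage values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article.

# dns_status DIG_TEXT
# Print the response code (NOERROR, SERVFAIL, NXDOMAIN, ...) found on the
# ";; ->>HEADER<<-" line of full dig output; prints nothing if no reply came.
dns_status() {
    printf '%s\n' "$1" |
        sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\).*/\1/p' | head -n 1
}

# txt_values DIG_TEXT
# Print one TXT value per line from the answer section, without the quotes.
# Lines starting with ";" (comments, the question section) are skipped.
txt_values() {
    printf '%s\n' "$1" |
        sed -n '/^;/d; s/^.*[[:space:]]TXT[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p'
}

# txt_has_value EXPECTED DIG_TEXT
# Succeed only if EXPECTED matches one TXT value exactly. A name can hold
# several _acme-challenge values at once, so every answer line is compared.
txt_has_value() {
    txt_values "$2" | grep -Fxq -- "$1"
}

# check_challenge DOMAIN EXPECTED
# Ask each authoritative nameserver of DOMAIN, then the public resolver used
# in the article (8.8.8.8), and succeed only if all of them serve EXPECTED.
check_challenge() {
    cc_rc=0
    for cc_ns in $(dig +short NS "$1") 8.8.8.8; do
        cc_out=$(dig -t txt "_acme-challenge.$1" "@$cc_ns" +time=3 +tries=1)
        cc_status=$(dns_status "$cc_out")
        if [ "$cc_status" != "NOERROR" ]; then
            echo "FAIL $cc_ns: status ${cc_status:-no reply}"; cc_rc=1
        elif txt_has_value "$2" "$cc_out"; then
            echo "OK   $cc_ns: expected TXT value is served"
        else
            echo "FAIL $cc_ns: TXT record missing or different"; cc_rc=1
        fi
    done
    return "$cc_rc"
}

# Usage (both arguments are placeholders; take the value from the Plesk screen):
#   check_challenge example.com '<TXT value shown by Plesk>'
```

A FAIL line with status SERVFAIL points at the nameserver itself, while "missing or different" means the server answers but the record has not been added there yet.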
Comments
These appear to describe a previous version of Plesk. There is nothing in my Plesk panel that lets me go Domains>mydomain.com>Let's Encrypt. When I do the next most logical thing (Websites & Domains>SSL/TLS Certificates>Install a free basic certificate provided by Let's Encrypt) and click Install, there is no DNS TXT record shown to me to add to my DNS. All I get is a choice of certificates, followed by the failure message,
"Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/14789753017.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: SERVFAIL looking up A for [domain name]- the domain's nameservers may be malfunctioning"
I troubleshoot: the nameservers at the registrar are set to ns1.vultr.com (and ns2 ditto), at vultr the DNS record is set to the correct IP for this domain, and when I go to whatsmydns.net and look for my domain name, I get the correct IP. And yet Letsencrypt is looking for something else. What?
Let's Encrypt is broken within Plesk. Unable to verify A records, when each domain has valid A records that are globally propagated. No information to go off of either because Plesk doesn't update their documentation anymore.
Is there anybody that resolved this issue?