Articles in this section

See more

Unable to reissue the Let's Encrypt SSL certificate in Plesk: DNS problem SERVFAIL looking up TXT

Avatar
Marc López
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • After applying the instructions for the Let's Encrypt SSL certificate issuing from the article the following error message received:

    PLESK_ERROR: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
    Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/2634982859.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.example.com - the domain's nameservers may be malfunctioning

  • The used nameservers for the example.com are managed externally
  • The TXT record for example.com is not propagated globally:

    # dig -t txt _acme-challenge.example.com +short  @8.8.8.8
    #

Cause

The DNS TXT record was not added on the nameservers on the registrar-side.

Resolution

  1. Log in to Plesk

  2. Go to Domains > example.com > Let's Encrypt check the Issue a wildcard SSL/TLS certificate option and click on Install

    Note: After that do not click Continue/Reload

  3. Then add the described DNS TXT record on the nameservers on the registrar-side.

  4. After the TXT record was added on the nameservers on the registrar-side and DNS propagation will be finished, click Continue/Reload

Comments

2 comments

Sort by Date Votes
  • Avatar
    David Foy

    These appear to describe a previous version of Plesk. There is nothing in my Plesk panel that lets me go Domains>mydomain.com>Lets's Encrypt. When I do the next most logical thing (Websites & Domains>SSL/TLS Certificates>Install a free basic certificate provided by Let's Encrypt) and click Install, there is no DNS TXT record shown to me to add to my DNS. All I get is a choice of certificates, followed by the failure message,
    "Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/14789753017.
    Details:
    Type: urn:ietf:params:acme:error:dns
    Status: 400
    Detail: DNS problem: SERVFAIL looking up A for [domain name]- the domain's nameservers may be malfunctioning"
    I troubleshoot: the nameservers at the registrar are set to ns1.vultr.com (and ns2 ditto), at vultr the DNS record is set to the correct IP for this domain, and when I go to whatsmydns.net and look for my domain name, I get the correct IP. And yet Letsencrypt is looking for something else. What?

     

    1
    Comment actions Permalink
  • Avatar
    Csteamleads

    Let's encrypt is broken within Plesk. Unable to verify A records, when each domain has valid A records that are globally propagated. No information to go off of either because Plesk doesn't update their documentation anymore.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles