Could not issue a Let's Encrypt certificate: DNS zone contains an AAAA record, but the domain is not assigned an IPv6 address in Plesk

8 comments

  • Tino Korth | DrehPunkt GmbH (Edited)

    If you're securing your domains with Cloudflare, the problem can also be caused by the configuration of SSL at Cloudflare.

    Turn on "Full" instead of "Full (Strict)" mode, secure your domain and re-enable "Full (Strict)" after the issuing worked well.

    6
  • Gary Moylan

    Always getting this; the Cloudflare fix above fixed it. Thanks.

    1
  • diego.a.biscaia

    Thanks Tino Korth | DrehPunkt GmbH, that solved my problem. It was exactly this configuration that was missing.

    0
  • Olivia Merinos

    Thanks Tino Korth | DrehPunkt GmbH. I spent several hours doing this, I even removed the bind service from the server, thanks a lot for this.

    0
  • Omer Sabic

    For me, the problem was very different. I had the same error as above and I'm also using Cloudflare. But the problem was that I was "challenging" all foreign traffic with a JS challenge by using firewall rules. Making an exception for URIs that contain ".well-known/acme-challenge" is the solution in this case. It has nothing to do with DNS, IPv6 or AAAA records.

    0
  • Andre Kasper

    I've got the same problem, but IPv6 IS assigned in webhosting access and to server (and it's also pingable). I'm lost how to fix this. I don't want to remove the AAAA Record, because it's correct.

    0
  • Turab Garip (Edited)

    The above fix for Cloudflare didn't work for me. My SSL setting is already "Full" and not "Full (Strict)". I had to pause Cloudflare on the site for a second or two, until the Let's Encrypt verification ended.

    A note on what @Omer Sabic suggests: his solution is quite a bit better than mine, but it is worth noting that it may help malicious requests to bypass the Cloudflare JS challenge. You had better create the rule with "URI equals" rather than "URI contains". Use this path to set this rule: "/.well-known/acme-challenge/"

    0
  • Katherine Bevan (Edited)

    I'm getting this failure message but when I go in to records I don't have any listed as AAAA - what should I do next?

    (Just to add, I have tried assigning an IPv6 to the domain but there is no option to do this under Web hosting access)

    (yes I'm very new to this, thanks for your help!)

    0
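
The scoping concern raised in the comments by Omer Sabic and Turab Garip, as an added example that is not from any commenter, Plesk or Cloudflare: a Python check that exempts only requests shaped like an ACME HTTP-01 validation fetch (the challenge directory followed by a single base64url token, per RFC 8555), next to a broad substring match for comparison. The function names, the token length bounds, the no-query-string rule and the sample requests are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# RFC 8555 section 8.3: the token uses only the base64url alphabet.
# The 22..128 length bounds are an assumption of this example.
ACME_PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,128}")

# Constructed sample token, not taken from a real certificate order.
SAMPLE_TOKEN = "x9Zt3_constructed-sample-token-0123456789AB"


def is_acme_http01_request(method: str, request_uri: str) -> bool:
    """True only for GET <challenge directory>/<one token>, nothing else."""
    if method != "GET":
        return False
    parts = urlsplit(request_uri)
    # Assumption: validation fetches carry no query string or fragment.
    if parts.query or parts.fragment:
        return False
    if not parts.path.startswith(ACME_PREFIX):
        return False
    token = parts.path[len(ACME_PREFIX):]
    # fullmatch rejects an empty token, extra path segments and dots.
    return TOKEN_RE.fullmatch(token) is not None


def contains_rule(request_uri: str) -> bool:
    """The broad 'URI contains' exception, kept here for comparison."""
    return ".well-known/acme-challenge" in request_uri


def compare(samples):
    """Return (method, uri, broad_match, strict_match) for each sample."""
    return [(m, u, contains_rule(u), is_acme_http01_request(m, u))
            for m, u in samples]


# Constructed sample requests.
SAMPLES = [
    ("GET", ACME_PREFIX + SAMPLE_TOKEN),                      # validation fetch
    ("GET", ACME_PREFIX),                                     # bare directory
    ("POST", ACME_PREFIX + SAMPLE_TOKEN),                     # wrong method
    ("GET", "/blog/archive?ref=.well-known/acme-challenge"),  # string elsewhere
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

Requests where the broad match is true and the strict match is false are the ones a substring exception would let past the challenge without being validation traffic.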