Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- Unable to secure webmail in Plesk in Domains > example.com > SSL/TLS Certificates > Let's Encrypt if site example.com is hosted on another server:
PLESK_ERROR: An SSL / TLS certificate could not be issued for example.com.
Details An SSL / TLS Let's Encrypt certificate could not be requested for example.com.
Go to http://example.com/.well-known/acme-challenge/pt7YtTqj1HCGz2yLqRoRC-LN9SbtSp5v4cJpe0YXkY and check if the authorization token is available.
If it is, try requesting the certificate again. If not, there may be a problem with your DNS settings.
Your domain in Plesk is hosted at the following IP addresses: 203.0.113.2 although the DNS task used another IP: 203.0.114.3.
Check that the IP addresses listed in the domain's DNS zone match the IP addresses where the domain is hosted.
If this is of no use to you or you cannot detect what is wrong with your DNS settings, check out this article from our knowledge base - Webmail may be secured already, but main domain that is hosted on another server is still trying to be renewed/installed and is marked the following way in SSLit extension:
CONFIG_TEXT: Not Secured : The domain is not secured with a valid certificate. A valid certificate will be later automatically issued and installed.
Cause
When SSL/TLS Support is enabled in Domains > example.com > Hosting Settings Let's Encrypt by default tries to issue one certificate that includes example.com and webmail.example.com names.
Since example.com is hosted on another server such certificate can not be issued.
Resolution
Apply one of the following solutions to secure webmail only:
- Log in to Plesk.
- Go to Domains > example.com > Hosting Settings.
- Configure Hosting Type as No web hosting:
Note: it will remove all files from domain.
- Log in to Plesk.
- Go to Domains > example.com > Hosting Settings.
- Disable the option SSL/TLS Support:
Comments
4 comments
ok, so once you've done this — you just issue a certificate elsewhere and manually add it? because option 2 makes LetsEncrypt disappear as an option obviously ;)
Hello @airplanenoise,
This article is for situation when only webmail zone is hosted on the Plesk server. So to secure only webmail zone (for example, webmail.example.com), but not the main domain (example.com), the solution from this article should be applied. When you disable SSL/TLS Support option in Hosting Settings (resolution 2), Let's Encrypt is still available for securing webmail only:
If you cannot issue an SSL for the main domain (for example, example.com, not webmail.example.com), you will need to search for another article as this one is not applicable here.
Let me know the detailed issue description so that I try to find the solution for you.
thanks @... - yeah I can't issue the SSL for the main domain (example.com in your example) — cause it is hosted elsewhere. how can I secure webmail.example.com and other.example.com WITHOUT hosting example.com?
Hello airplanenoise,
Only webmail zone can be secured in Plesk when main domain is hosted on another server. Did you try to apply a solution from this article? Can you send the output of the same screen shots that i sent in the previous email so that I see your configuration?
other.example.com cannot be secured on a Plesk side as main domain is not hosted in Plesk. Secure other.example.com on the same server where example.com is hosted.
Please sign in to leave a comment.