Cannot issue wildcard Let's Encrypt certificate in Plesk: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com

Comments

  • Alex Laforge

    Having to specify the TXT content on the external Name Server each time a renewal is required is absolutely impossible, too long, so not a solution.

    We definitely NEED an option in Plesk Obsidian Windows to be able to choose whether:

    - Option A : Plesk Let's Encrypt extension will use the method of adding a TXT record in the Plesk DNS Zone

    - Option B : Plesk Let's Encrypt extension will use the method of creating a /.well-known/ file under the domain root. This option will be useful for all the people not using Plesk as their Name Server.

    3
  • Lev Iurev

    @Alex Laforge As I can see it was figured out in the ticket.

    0
  • Alex Laforge

    Yes, your technical support solved the situation. In fact, for those who come to this page, you must know that, to issue certificates, Let's Encrypt servers use two types of challenges:

    • HTTP-01 for issuing regular certificates - the token is checked at the URL http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>.
    • DNS-01 for issuing wildcard certificates - the token is checked in the DNS TXT record _acme-challenge.<YOUR_DOMAIN>.

    More information is available on this page: https://letsencrypt.org/docs/challenge-types/

    I wish that this information would be more clearly displayed inside Plesk, or on the SSL-related Plesk Documentation pages.

    2
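
The two validation paths described in the comment above, as an added example that is not part of the original thread or of Plesk's code. The function names, token and account-key thumbprint are constructed for illustration; the record name and TXT value follow the ACME rules in RFC 8555.

```python
import base64
import hashlib

# Constructed sample values; a real token comes from the CA and the
# thumbprint from the ACME account key (RFC 7638).
TOKEN = "constructed-token-0123456789"
THUMBPRINT = "constructed-account-key-thumbprint"


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def validation_plan(identifier: str, token: str, thumbprint: str) -> dict:
    """Where validation looks and what it expects (hypothetical helper)."""
    name = identifier.strip().rstrip(".").lower()
    key_auth = f"{token}.{thumbprint}"  # key authorization, RFC 8555 s. 8.1
    if name.startswith("*."):
        # Wildcard: DNS-01 only; the "*." label is dropped from the record name.
        digest = hashlib.sha256(key_auth.encode("ascii")).digest()
        return {"challenge": "dns-01",
                "location": "_acme-challenge." + name[2:],
                "expected": b64url(digest)}
    # Regular name: HTTP-01, following the pairing given in the comment.
    return {"challenge": "http-01",
            "location": f"http://{name}/.well-known/acme-challenge/{token}",
            "expected": key_auth}


def check_txt(plan: dict, observed: list) -> str:
    """Classify TXT answers from the domain's authoritative name server."""
    if plan["challenge"] != "dns-01":
        raise ValueError("TXT check only applies to dns-01")
    values = [v.strip().strip('"') for v in observed]
    if not values:
        return "missing"   # what the CA reports as NXDOMAIN / no TXT record
    return "ok" if plan["expected"] in values else "mismatch"


if __name__ == "__main__":
    for ident in ("example.com", "*.example.com"):
        plan = validation_plan(ident, TOKEN, THUMBPRINT)
        print(ident, "->", plan["challenge"], plan["location"])
    wild = validation_plan("*.example.com", TOKEN, THUMBPRINT)
    print(check_txt(wild, []))                              # record absent
    print(check_txt(wild, ['"' + wild["expected"] + '"']))  # record published
```

When the domain's authoritative name server is not Plesk, the `location` and `expected` pair for the wildcard name is what has to be published there before validation can succeed.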
  • Francois Breton

    I wish I could use the DNS-01 but my forwarded domain still wants to use http-01 (without success) even if I want a wildcard.

    Vote for it!

    0
  • Michael Pöllinger

    Even if you choose wildcard it also tries to get the challenge via http, which doesn't work for domains which have a different A-Record.
    There should be an option to choose between. In the past wildcards were provided via DNS, but it seems to have changed.

    0