Unable to activate Google Drive Backup: ERROR: Error: Call to a member function process() on null (RemoteSettings.php:96)
Unable to start Watchdog: Error: Error occurred while calling the module utility wdservice: 'start: Job is already running: psa-wdcollect
Unable to install APS application: Call to a member function getOwner() on null
Mod Security got automatically disabled after installing the micro update 68 for Plesk Onyx 17.8.11
Plesk Route 53 extension continues provisioning DNS zones while it is disabled
Unable to update domain alias with SmartUpdate when the main domain resolves to another server
Advanced Monitoring shows /snap/* partitions and alerts them being overconsumed
Unable to scan WP instances: task is stuck at 0%
Is it possible to set a Wordpress template in Wordpress Toolkit while logged into Plesk as a Reseller?
WordPress update via Smart Update fails: Smart Update was unable to correctly clone your website for further analysis

See more

Cannot issue wildcard Let's Encrypt certificate in Plesk: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com

Updated August 15, 2019 15:11

Applicable to:

Plesk for Linux
Plesk for Windows

Symptoms

Issuing a wildcard Let's Encrypt certificate in Plesk in Domains > example.com > Let's Encrypt (or in Domains > example.com > SSL/TLS Certificates if the extension SSL It! is installed) fails with the error:

PLESK_ERROR: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com. Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/zEHPSbB4eUyIomzu9qynFouNGrIgiUlJZ755z_Kx4kY.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com
The TXT DNS record for the hostname _acme-challenge.example.com is not available globally:

# nslookup -type=TXT _acme-challenge.example.com
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find _acme-challenge.example.com: NXDOMAIN
The same DNS record is present in Plesk in Domains > example.com > DNS Settings and is returned by Plesk's DNS server:

# nslookup -type=TXT _acme-challenge.example.com example.com
Server: example.com
Address: 203.0.113.2#53

_acme-challenge.example.com text = "yFHaUBDo0THtVyjdmtwmJkgEAmPDemtITjpftHrN9Wg"

Cause

The TXT DNS record for the hostname _acme-challenge.example.com is not available globally.

Resolution

DNS zone of the domain is hosted on the Plesk server

Wait until the DNS propagation is completed and the required record is available globally. The propagation can take up to 72 hours. Check of the record's availability can be done on resources like https://dnschecker.org/.
Issue Let's Encrypt certificate again in Plesk in Domains > example.com > Let's Encrypt (or in Domains > example.com > SSL/TLS Certificates).

DNS zone of the domain is hosted on external DNS hosting

On the external DNS hosting, add the TXT record for the hostname _acme-challenge.example.com. The value for the record can be obtained in Plesk in Domains > example.com > DNS Settings.
Issue Let's Encrypt certificate again in Plesk in Domains > example.com > Let's Encrypt (or in Domains > example.com > SSL/TLS Certificates).

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request