Unable to issue Let's Encrypt certificate when external DNS server is used: Incorrect TXT record

  • Michael Bellini

    I feel like this is a poor resolution, since it means I need to manually renew all certificates. Instead, the resolution should be to enhance the extension so that it can interact properly with remote DNS. For example, Google Cloud offers APIs for this exact reason.

  • Ivan Postnikov

    Hello Michael Bellini,

    Thank you for the feedback.

    Your idea, in fact, may be helpful for some of the external mail servers.

    We already have extensions to automatically adjust DNS records on the DigitalOcean and AWS side, and we have plans for a similar extension for Google Cloud.

    However, due to the many realizations of DNS server functionality, some may still be unsupported and require the solution from above.

  • Ben

    Is there a reason why a wildcard install requires you to manually add the DNS rather than adding it automatically? We are using Simple DNS locally.

  • Yulia Plokhotnikova

    Hi @Ben,

    Actually, Plesk adds the required TXT record automatically in the domain's DNS Settings, which is done to simplify the process for domains that host their DNS on a Plesk server. So if you were using Plesk's DNS, no additional actions would be required. For third-party name server providers, however, it is still necessary to add a TXT record manually, as Plesk cannot automatically log in to your third-party name server account and add a record for you, for obvious reasons.

    The requirement for having a TXT record for wildcard SSLs is a security measure by Let's Encrypt: this way Let's Encrypt ensures that you are the owner of the DNS of the domain. Read more about this challenge type here: https://letsencrypt.org/docs/challenge-types/

  • Michael Bellini

    @Yulia Plokhotnikova Plesk can automatically add the record for remote DNS, since many remote DNS servers offer APIs. I run many other servers that do not use Plesk, and they all use Google Cloud DNS, and I can have my LE cert renewed automatically because there are extensions that communicate with Google Cloud DNS using their APIs.

    This was the purpose of my first comment. The Plesk "solution" to manually add it is not a solution.

  • Anton Maslov

    Michael Bellini, an automatic update can be done in theory, but at this moment Plesk does not yet have an integration with Google Cloud DNS. We will consider adding such functionality in the future.

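The "Incorrect TXT record" check this thread revolves around, as an added example (not part of the thread and not Plesk or Let's Encrypt code): it derives the DNS-01 record name and TXT value as RFC 8555 defines them and compares the value with what an external name server publishes. The token, account thumbprint and published answers are constructed sample values.

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_record_name(identifier: str) -> str:
    """DNS-01 record name; a wildcard is validated at its base domain."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def expected_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(token + "." + account key thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def normalize_txt(rdata: str) -> str:
    """Join the quoted character-strings of a zone-file or dig TXT answer."""
    parts = rdata.strip().split('"')
    if len(parts) == 1:
        return parts[0]          # unquoted value
    return "".join(parts[1::2])  # text between each pair of quotes


def check_published(expected: str, published_rdata: list) -> dict:
    """Compare the external name server's TXT answers with the expected value."""
    seen = [normalize_txt(r) for r in published_rdata]
    return {"match": expected in seen,
            "stale": [v for v in seen if v != expected]}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real ACME order.
    token = "constructed-token-123"
    thumbprint = "constructed-thumbprint-abc"
    expected = expected_txt_value(token, thumbprint)
    # Constructed answers: a leftover record from an earlier order plus the new one.
    answers = ['"leftover-value-from-previous-order"', f'"{expected}"']
    print(challenge_record_name("*.example.com"), "TXT", expected)
    print(check_published(expected, answers))
```

A `stale` entry next to a matching one is harmless to validation but shows that old challenge records are not being cleaned up at the external provider.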
