Could not issue or renew Let's Encrypt SSL/TLS certificate
CONFIG_TEXT: Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Authorization for the domain failed.
Details Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/9_fD4pJYnd6o4DNUxbG0WNtYOOm-G6TeHcz8TN1K9f4. Details: Type: urn:ietf:params:acme:error:unauthorized
Detail: Incorrect TXT record "Rq5AN5tnNTHnUNfh2byBWzDZNePjIOcSJDMJYK0ku6A" found at _acme-challenge.example.com
Plesk is not the master of the zone, external servers are used:
# dig NS example.com +short
- Local DNS is stopped and/or DNS extension like "Amazon Route 53" is used
Let's Encrypt servers search for a TXT record which is missing on external DNS servers.
The TXT record returned globally is different from the one returned by the Plesk server:
# dig TXT _acme-challenge.example.com +short
# dig TXT _acme-challenge.example.com @plesk.example.com +short
plesk.example.com is the hostname of the Plesk server.
Go to Domains > example.com > Let's Encrypt.
Note: If Let's Encrypt is absent, click on SSL/TLS Certificate and in the section Entry-level protection, click on Get it free.
Check the box Issue a wildcard SSL/TLS certificate (or Secure the wildcard domain) and click on Install / Renew.
Add the TXT record showed below on your external DNS servers, and once done, click on Continue.
Note: If the page above is not shown, disable the DNS for this domains following the documentation Disabling the Plesk DNS Service and retry.