• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Can't issue SSL certificate!? Help!

carlsson

carlsson

Basic Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
Obsidian Version 18.0.58 Update #2
Short story:
Wordpress site is located on another server.
Email is located on our server.
DNS is hosted by the registrar.
How can I install a Let's Encrypt certificate with the help of Plesk?

Long story:
I have a client that moved their site to another Wordpress service (Kinsta) because their home page designer wanted that.
They still have email on our server though.
The DNS is hosted by the registrar.

I started to get annoying "Can't issue certificate for the domain" emails.
So I looked into this, and it turns out that Kinsta is using the same subdomain as Let's Encrypt, ie "_acme-challenge" (why do they do that!?).
To solve it I was thinking to temporarily delete the Kinsta CNAME record, and create a Let's Encrypt certificate, but I get errors.

"Your domain in Plesk is hosted on the IP address(es): 123, but the DNS challenge used another IP: 456.​
Make sure that the IP address(es) specified in the domain's DNS zone match the IP address(es) the domain is hosted on."​

Furthemore, Plesk says that the Domain is not resolvable.
How can I get rid of that error?
1710402740480.png

What is the proper setup here?

Please help, I'm a little bit confused.
 
That explains it. Thanks!

Is it possibe to get rid of the annoying "Domain is not resolvable"? It doesn't seem to matter though, but it's nice to have a clean interface. :)
 
When you have the DNS component installed on the system, the server believes that it is the responsible DNS server for the domain. You need to tell your server that it is only secondary to your external nameserver. Documentation: Plesk as a Secondary DNS Server
However, I am not sure whether this is right for you, because it might just be the case that this is not secondary but a superfluous installation of Bind when you are not using it anyway. In that case you could equally well remove your local DNS component.
 
Peter Debik said:
When you have the DNS component installed on the system, the server believes that it is the responsible DNS server for the domain. You need to tell your server that it is only secondary to your external nameserver. Documentation: Plesk as a Secondary DNS Server
However, I am not sure whether this is right for you, because it might just be the case that this is not secondary but a superfluous installation of Bind when you are not using it anyway. In that case you could equally well remove your local DNS component.
Click to expand...
Thanks for the input Peter. However, I like to have the DNS component so I easily can copy the DKIM records. And maybe I want to use the server as a DNS in the future. Does it do any harm to have it installed?

This is the only case I have where the hosting is elsewhere, and some other strange problems have arised due to this.
 
You must log in or register to reply here.

Similar threads

carlsson
Issue Mail on Plesk, web on other provider, how do I create a correct SSL?
Replies
2
Views
146
carlsson
carlsson
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
340
Daiv
D
W
Issue Problems with changing Domain IP address.
Replies
0
Views
114
wyga
W
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
5
Views
174
learning_curve
learning_curve
f0rtem
Question Unable to use SSL unless I expose my IP?
Replies
2
Views
788
f0rtem
f0rtem
Back
Top