• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Can't secure webmail

B

Bricee

New Pleskian
Server operating system version
Microsoft Windows Server 2016 x86_64 Build date: 2022/11/04 03:00
Plesk version and microupdate number
Plesk Obsidian 18.0.48.0 Web Pro Edition
hello all

After help from Monty I now can access webmail successfully, however I now have another isse. When I try to install a certficate for mail I get this response. I am not familiar with DNS stuff (learning as I go)

Started issuing a wildcard SSL/TLS certificate from Let's Encrypt for the domain p2d.org.au.​


Please wait while Plesk finishes adding a DNS record with the following parameters:
Record type: TXT
Domain name: _acme-challenge.p2d.org.au
Record: DBNporAp6GpE6B9oVGr5HqN669v5XdbR6MTFSZWN8cw

To terminate and delete the existing certificate request, click "Cancel".

Before clicking "Reload", make sure that the DNS record was added and can be resolved externally.
ReloadCancel

Could not issue an SSL/TLS certificate for p2d.org.au
Details
Could not issue a Let's Encrypt SSL/TLS certificate for p2d.org.au. Authorization for the domain failed.

Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/189211876697.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.p2d.org.au - check that a DNS record exists for this domain

I am a bit clueless on DNS as its all new to me.

Many thanks for any help
 
Let's Encrypt certificates are domain-validated certs. They require that the domain can be accessed through the Internet. Th SSL extension places a token file at a specific place on your server, then the Let's Encrypt servers try to read that file. For that reason your domain must be correctly resolved to your server, else your server cannot be reached.

The error message says that a required record in the nameserver is misssing. If you are using the DNS system that comes with Plesk and your server is your authoritative nameserver for your domain (named as nameserver in your domain dataset where you registered your domain name), then Plesk will automatically add the TXT record to your nameserver. In that case you can simply hit "Reload" as the error message says a bit later, a few seconds later. If you are not using the built-in Plesk DNS and have nameservers at your domain provider, then you will need to add the given TXT record to your nameserver entry for your domain manually. After you have done that, go back to to your SSL extension and try to create the certificate again.
 
Hi Peter

Thank you so much for your very understandable explanation. Everything is falling into place now!

Warmest Regards
Brice
 
You must log in or register to reply here.

Similar threads

K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
215
klowet
K
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
369
Daiv
D
W
Issue Trying in issue SSL for domain name
Replies
1
Views
625
Peter Debik
P
eric91611116
Issue First trial with SSL certificate / Authorization for the domain failed.
Replies
1
Views
1K
Peter Debik
P
carlsson
Question Incorrect TXT record "f-SabDKKcvWsjfiCn08yEbfdWiafvFo6" found at _acme-challenge.mydomain.com - What am I doing wrong?
Replies
3
Views
168
scsa20
scsa20
Back
Top