Error in Let's Encrypt certificate generation

AmaZili Communication

TITLE


Error in Let's Encrypt certificate generation

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian 18.0.74 Update #2 Web Host Edition, AlmaLinux 9.7, directly bought from plesk.com

PROBLEM DESCRIPTION

Using Plesk for years now, we had the surprise to discover that LE certificate generation failed for the last two days, especially for certificates for mail (wildcard or not).

Our domain dns records are managed externally.

The certificate generation process is looking for a mail subdomain that does not exist (since it is not used for email declaration with LE).

STEPS TO REPRODUCE

Create a domain with external DNS, generate a wildcard certificate

ACTUAL RESULT

plesk obsidian Could not issue an SSL/TLS certificate for whateverdomain.tld Details Could not issue a Let's Encrypt SSL/TLS certificate for xxxxxx.com. Authorization for the domain failed. Details Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2167655685/621540772606
Details: Type: urn:ietf:params:acme:error:dns Status: 400 Detail: DNS problem: NXDOMAIN looking up A for mail.whateverdomain.tld - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.whateverdomain.tld - check that a DNS record exists for this domain

EXPECTED RESULT

certificate generation

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Thank you for the report, @AmaZili Communication. There are some critical steps and details missed in the report, such as what settings exactly are selected during the Let's Encrypt installation attempt. If you are installing a wildcard SSL, have you tried adding the acme_challenge record in the external DNS zone, etc.?

Looks like the domain name has been incidentally left in your message (I removed it now) and it appears that the same doesn't have a mail DNS record. Thus, the reported message is somehow expected depending on your settings.
 
Hello,
Here is the setup: domain records are managed externally with the domain provider.
Until now LE with Plesk was NOT using any mail subdomain; this is new, and we will have to change the management of all the customers' domain records to cope with this new "feature".
That's a bug for us, not an improvement...

Thanks for your help
 

Thank you for the update. The ability to secure the mail service with a separate SAN was introduced back in January along with Plesk Obsidian 18.0.67. If you do not use Plesk's mail service and there's no valid DNS record for mail.domain.com, but the "Assign the certificate to the mail domain/Secure mail on this domain" options are selected, the error you are encountering is expected. Please try disabling the settings and you should be able to issue the certificate without an issue.
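
A pre-flight check for the failure discussed in this thread, added here as an example; it is not part of any post above and is not Plesk's code. The function names and the model of which names end up in the request (the mail option adding `mail.<domain>`) are assumptions made for illustration.

```python
import socket
import sys


def system_resolver(host):
    """True if the local resolver returns any A/AAAA record for host.
    Caveat: /etc/hosts or split DNS can differ from what the CA sees."""
    try:
        socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
        return True
    except socket.gaierror:
        return False


def planned_names(domain, wildcard=False, secure_mail=False):
    """Hypothetical model of the names requested: the mail option is
    assumed to add mail.<domain>, the name in the thread's error."""
    names = [domain]
    if wildcard:
        names.append("*." + domain)
    if secure_mail:
        names.append("mail." + domain)
    return names


def preflight(names, resolver=system_resolver):
    """Sort names by what must exist in the external DNS zone first."""
    report = {"resolvable": [], "unresolvable": [], "dns01_txt": []}
    for name in names:
        if name.startswith("*."):
            # Let's Encrypt validates wildcards only via a DNS-01 TXT record.
            report["dns01_txt"].append("_acme-challenge." + name[2:])
        elif resolver(name):
            report["resolvable"].append(name)
        else:
            # Would fail with the NXDOMAIN A/AAAA error quoted in the report.
            report["unresolvable"].append(name)
    return report


if __name__ == "__main__":
    # Usage: python3 preflight.py whateverdomain.tld
    result = preflight(planned_names(sys.argv[1], wildcard=True, secure_mail=True))
    for bucket, entries in result.items():
        print(bucket, entries)
    sys.exit(1 if result["unresolvable"] else 0)
```

Any name listed under `unresolvable` needs either an A/AAAA record in the external zone or the corresponding mail option switched off before the certificate is requested.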
 