
Question Incorrect TXT record "f-SabDKKcvWsjfiCn08yEbfdWiafvFo6" found at _acme-challenge.mydomain.com - What am I doing wrong?

carlsson

Server operating system version: Ubuntu 20.04.6 LTS
Plesk version and microupdate number: 18.0.59 Update #2
Every now and then I get this message: "Incorrect TXT record "f-SabDKKcvWsjfiCn08yEbfdWiafvFo6" found at _acme-challenge.mydomain.com", even though I have issued a Let's Encrypt certificate recently and I know that I haven't altered the _acme-challenge record after that.

The only way I know of that fixes this is to re-issue a new certificate. Feels kinda unnecessary though, but I can't find any way in Plesk that gives me the TXT record that it wants.

Is it only me?
What am I doing wrong?
 

The ACME challenge can change depending on how it's being issued and if it's a renewal.

If you're using the DNS service built into Plesk, the ACME challenge will update accordingly automatically, but it's possible that it's still waiting on the DNS changes; it should auto-fix itself.

If you've got a wildcard cert issued on a domain and you want to apply a certificate to a subdomain, instead of issuing a new certificate, edit the hosting setting and select your wildcard certificate instead.
 
Thanks for the input.

I really want to use the built-in DNS, but I'm afraid of only having one DNS. Maybe another topic, but should I?
 
If you're using an external DNS service like Cloudflare or DNSMadeEasy or even your registrar's, then the ACME challenge will fail until you update the record yourself manually.

Also, if you want to use your own, most registrars will force you to have at least 2 DNS name servers (you can usually get away with using the same IP address). You don't have to if you don't want to; it can get kinda annoying to get the name servers set up correctly on other registrars for it to work correctly. Just know that when it comes to renewing a certificate that uses the DNS challenge, it might fail until you update the challenge key with the new one.
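
Added example (not from the thread and not Plesk's code): under RFC 8555 the DNS-01 TXT value is derived from a per-order challenge token, which is why the expected value changes on renewal as the replies above describe. This Python compares that value with what each authoritative name server answers; the token, account thumbprint and name server names are constructed placeholders.

```python
import base64
import hashlib


def dns01_txt_value(token, account_thumbprint):
    """RFC 8555 section 8.4: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def classify(expected, answers_by_ns):
    """Label each authoritative name server by what it serves for _acme-challenge."""
    status = {}
    for ns, answers in answers_by_ns.items():
        # dig prints TXT data in double quotes; strip them before comparing.
        values = [a.strip().strip('"') for a in answers]
        if expected in values:
            status[ns] = "ok"
        elif values:
            status[ns] = "stale"      # an older challenge value is still published
        else:
            status[ns] = "missing"    # no TXT record on this server at all
    return status


def demo():
    # Constructed inputs: thumbprint, tokens and name server names are placeholders.
    thumbprint = "constructed-account-key-thumbprint"
    previous = dns01_txt_value("constructed-token-previous-order", thumbprint)
    current = dns01_txt_value("constructed-token-renewal-order", thumbprint)
    # Constructed answers, in the form `dig +short TXT _acme-challenge.<domain> @<ns>`
    # prints them, one list per authoritative name server.
    answers_by_ns = {
        "ns1.example.test": [f'"{current}"'],
        "ns2.example.test": [f'"{previous}"'],
        "ns3.example.test": [],
    }
    return previous, current, classify(current, answers_by_ns)


if __name__ == "__main__":
    previous, current, status = demo()
    print("expected TXT:", current)
    for ns, state in status.items():
        print(ns, state)
```

A "stale" result on any one name server is enough for validation to see an incorrect TXT record, since the CA may query whichever server it is referred to.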
 