• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved Let's Encrypt - 403

S

Solarom

New Pleskian
Hello,

When I try to renew the certificate for one of my domains, an error with status 403 appears :

Error: Could not issue a Let's Encrypt SSL/TLS certificate for as-sellerie.fr
Authorization for the domain failed.
Details Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/13732064593.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "EiLQK-WtYAANG7V-VEB0vQqubN6yFgyvEzjzbWLIHGY" found at _acme-challenge.as-sellerie.fr
Click to expand...

This error only occurs with this domain. The _acme-challenge.as-sellerie.fr DNS record updates in Plesk, but it doesn't propagate.

When I run the command "dig TXT _acme-challenge.as-sellerie.fr + short" in SSH, it returns: "EiLQK-WtYAANG7V-VEB0vQqubN6yFgyvEzjzbWLIHGY". It doesn't match the new recording.

I followed Plesk's advice on this link :
support.plesk.com

Unable to issue or renew Let's Encrypt certificate when external DNS server is used: Incorrect TXT record

Applicable to: Plesk for Linux Symptoms It is not posible to issue or renew Let's Encrypt SSL/TLS certificate. The following error appears in Plesk or in a mail sent to the user's mailbox: Err...
support.plesk.com support.plesk.com

But I don't know how to do step 6 of solving :

6 - If it does not resolve, add the record to the external DNS server, removing other existing acme-challenge records from there.

Can you help me please ?
 
Your DNS zone is not delegated to your Plesk server:
# dig +short as-sellerie.fr NS
ns8.lwsdns.com.
ns5.lwsdns.com.
ns6.lwsdns.com.
ns7.lwsdns.com.

So anything you do in the DNS zone in Plesk will not have any effect on the "real world".

Solution 1: Delegate the zone as-sellerie.fr to your Plesk server at your registrar

Solution 2: Update the TXT record manually at your DNS provider and re-perform the validation

Solution 3: Check if your DNS provider has an API that is supported by Plesk (see the comments in the KB article you posted)

Solution 4: Do not create a wildcard Let's Encrypt certificate (which uses the DNS-challenge) but use the HTTP-challenge instead, eliminating the need for DNS updates to your zone for the certificate validation
 
Monty said:
Solution 4: Do not create a wildcard Let's Encrypt certificate (which uses the DNS-challenge) but use the HTTP-challenge instead, eliminating the need for DNS updates to your zone for the certificate validation
Click to expand...

Truly one of the best approaches to a seamless issuance/renewal process!
 
You must log in or register to reply here.

Similar threads

jradzuweit
Resolved Can't renew Let's Encrypt Certificate, no _acme-challenge string in Plesk Web GUI
Replies
4
Views
690
scsa20
scsa20
B
Issue Unable to issue a Let's Encrypt certificate for domain with forwarding hosting type: nginx is not installed or is disabled on the Plesk server
Replies
1
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
kristobal1969
Issue Plesk 18.0.70 and Could not issue/renew Let's Encrypt certificates
Replies
8
Views
1K
Adrian_13
A
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
3K
klowet
K
S
Question let's encrypt TXT record and nameserver-problem
Replies
2
Views
1K
SiegbertG
S
Back
Top