Resolved Let's Encrypt can't verify the domain

Aethem

New Pleskian
Server operating system version: Debian 12
Plesk version and microupdate number: 18.0.53 Update Nr. 2
Dear Supporter,

I recently switched from one Plesk instance to another provider instance, but I am facing an issue while adding Let's Encrypt certificates automatically to domains. I have attached the error message for your reference.

Let's Encrypt requests to verify the domain with a custom TXT record in the DNS. Could you please guide me on how to fix this issue and enable automatic addition of Let's Encrypt certificates to my domains?

Thank you for your help.
 

If DNS of the domain is not operated on the host where you operate the domain, you need to add the TXT record manually to your DNS dataset. A TXT record is only required for wildcard SSL certs, so maybe a good and easy workaround is to uncheck the wildcard option from Let's Encrypt. Then you can for sure issue an SSL certificate for the domain if the domain is routed to the server where you try to configure SSL. Else you'd need to add the TXT record, and you'll also need to manually update that every three months at least, because Let's Encrypt needs to renew regularly.
 
Thank you, Peter, for your feedback.

Why do I have to renew it every three months and didn't have to do it on the old provider? DNS was not running on Plesk on the previous provider, as well.

I need the wildcard for the webmail and IMAP/SMTP certificate, isn't it?
 
I don't know how your previous provider did this, maybe he had a special piece of software on his systems or was using one of the extension-supported DNS services ("DNS integration for Cloudflare®", "DigitalOcean DNS", "Amazon Route53"). In general, Let's Encrypt certificates need to be renewed at least once every three months. If DNS is not hosted on the Plesk server, the TXT DNS record must be updated on an external server.

You do not need a wildcard certificate for mail services. Instead, simply use the hostname to access the mailserver. You can also include the webmail subdomain in a normal certificate by clicking the "webmail" checkbox.
 
Thank you for your feedback.

If I use a DNS extension, will Let's Encrypt update the record via the DNS plugin automatically every 3 months?
 
Hi,
I'm joining the topic, my problem is very similar.

As shown in the attachment, Let's Encrypt tells me that the domain does not pass validation.
It never happened to me before.
How can I fix it?
 

Please click "Detaggli" for more information. I assume that the "webmail" subdomain is not routed to your server, because from the other part of the screenshot it can be seen that the domain itself is not routed to the server. Domain-validated certificates can only be issued if the domain is operated on the server from where the certificate is requested.
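
The checks discussed in the replies above, as an added example that is not part of the original thread and not Plesk's own code: for each name on a certificate request it reports whether the name can be validated over HTTP (it resolves to this server) or needs the `_acme-challenge` TXT record (wildcards). The ACME challenge names `dns-01` and `http-01`, the function names, and the sample domains and addresses are assumptions introduced for illustration.

```python
import socket

def resolve_ipv4(name):
    """Return the set of IPv4 addresses a name resolves to (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def plan_validation(names, server_ip, resolver=resolve_ipv4):
    """Map each requested certificate name to the validation it needs.

    Wildcards can only be validated with a TXT record at
    _acme-challenge.<base domain>; other names can be validated over HTTP
    when they resolve to the server requesting the certificate.
    """
    plan = {}
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            plan[name] = ("dns-01", "_acme-challenge." + name[2:])
            continue
        addrs = resolver(name)
        if server_ip in addrs:
            plan[name] = ("http-01", "resolves to this server")
        elif addrs:
            plan[name] = ("blocked", "resolves to " + ", ".join(sorted(addrs)))
        else:
            plan[name] = ("blocked", "does not resolve")
    return plan

# Constructed sample data (documentation address ranges, not from the thread).
SAMPLE_DNS = {
    "example.com": {"203.0.113.10"},
    "webmail.example.com": {"198.51.100.7"},
}

def sample_resolver(name):
    """Offline stand-in for resolve_ipv4, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    requested = ["example.com", "webmail.example.com",
                 "mail.example.com", "*.example.com"]
    result = plan_validation(requested, "203.0.113.10", sample_resolver)
    for name, (method, detail) in result.items():
        print(f"{name:22} {method:8} {detail}")
```

Omit the `resolver` argument to query live DNS. The check covers IPv4 only, so a name with an AAAA record pointing to a different host can still fail HTTP validation.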
 