• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Let's Encrypt can't verify the domain

Aethem

New Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
18.0.53 Update Nr. 2
Dear Supporter,

I recently switched from one Plesk instance to another provider instance, but I am facing an issue while adding Let's Encrypt certificates automatically to domains. I have attached the error message for your reference.

Let's Encrypt requests to verify the domain with a custom TXT record in the DNS. Could you please guide me on how to fix this issue and enable automatic addition of Let's Encrypt certificates to my domains?

Thank you for your help.
 

Attachments

  • Let'S Encrypt.png
    Let'S Encrypt.png
    101.6 KB · Views: 11
If DNS of the domain is not operated on the host where you operate the domain, you need to add the TXT record manually to your DNS dataset. A TXT record is only required for wildcard SSL certs, so maybe a good and easy workaround is to uncheck the wildcard option from Let's Encrypt. Then you can for sure issue an SSL certificate for the domain if the domain is routed to the server where you try to configure SSL. Else you'd need to add the TXT record, and you'll also need to manually update that every three months at least, because Let's Encrypt needs to renew regularly.
 
Thank you, Peter, for your Feedback.

Why do I have to renew it every three months and didn't have to do it on the old provider? DNS was not running on Plesk on the previous provider, as well.

I need the wildcard for the webmail and imap/smtp certificate, isn'it?
 
I don't know how your previous provider did this, maybe he had a special piece of software on his systems or was using one of the extension-supported DNS services ("DNS integration for Cloudflare®", "DigitalOcean DNS", "Amazon Route53"). In general, Let's Encrypt certificates need to be renewed at least once every three months. If DNS is not hosted on the Plesk server, the TXT DNS record must be updated on an external server.

You do not need a wildcard certificate for mail services. Instead, simply use the hostname to access the mailserver. You can also include the webmail subdomain in a normal certificate by clicking the "webmail" checkbox.
 
Last edited:
Thank you for your feedback.

If I use a Dns extension will lets encrypt update the record in the via the dns plugin automatically every 3 month?
 
hi
I join the topic, my problem is very similar

as an attachment lets encrypt tells me that the domain does not pass validation
it never happened to me
how can i fix it?
 

Attachments

  • ssl.png
    ssl.png
    71.6 KB · Views: 12
hi
I join the topic, my problem is very similar

as an attachment lets encrypt tells me that the domain does not pass validation
it never happened to me
how can i fix it?
Please click "Detaggli" for more information. I assume that the "webmail" subdomain is not routed to your server, because from the other part of the screenshot it can be seen that the domain itself is not routed to the server. Domainvalidated certificates can only be issued if the domain is operated on the server from where the certifcate is requested.
 
Back
Top