Question Let's Encrypt Certificate Request does not use DNS Challenge

[DevMoritz]

Server operating system version

Debian 10

Plesk version and microupdate number

18.0.58 Update #2

Hey,

I want to issue a certificate for my domain xyz.com with IP 1.2.3.4 (example values), I am using some services like mail on the Plesk instance.
But I have also another software (k8s) running on my xyz.com domain, so I have my A Record directed to the k8s cluster on IP 4.3.2.1 instead of the one of Plesk.

The problem is that, when I want to reissue the certificate now it fails with the following error message:

It seems that the wrong challenge is used (HTTP-01 instead of DNS-01).
Is it even possible to renew the certificate for a domain that does not point to the Plesk instance?

Thanks for any help

 

[Peter Debik]

DNS-01 is only supported for wildcard certificates.

If the domain name itself is not hosted on the server, a certificate cannot be issued. A certificate can be issued where the domain is hosted.

Instead, you can address the server by its host name where you have a certificate for the host name.

 

[DevMoritz]

Hey,

so there is no way to use DNS-01 if the domain is not pointed to the Plesk server?
I can generate myself a cert with e.g. certbot and can upload it there, but than the CSR Part is missing and is not fully automated.

So I need to get the specific domain to work on Plesk with an certificate for my mails, how doesn't matter, except I cant point the DNS record towards it.
I use Cloudflare for DNS, so there is an service for Plesk for syncing, is it possible to tell Plesk it should change the _acme-challenge record in Cloudflare?

Maybe another idea?

Thanks
Moritz