• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue Let's Encrypt : how to retrieve the DNS acme-challenge BEFORE it executes the certificate request

kizzamp1337

New Pleskian
Hi

I am having the current case where I am migrating a bunch of domains from another webhost to my brand new Plesk server.

Now, when starting the Let's Encrypt process, sometimes it does this through DNS, and sometimes through a file in .well-known/acme-challenge.

To start off, when does it choose either? Because I am unable to choose this myself. Most likely when I do a nameserver swap, and the Plesk server itself notices that the nameservers are pointed to end up in its own Plesk machine, it thinks "oh let's do it through the DNS-record this time".
When this is the case, I can just take the acme-challenge that it's asking me to add to the DNS (which it of course does in its own zone) so i can put it on the OLD dns zone on the OLD nameservers, which makes sure that the certificate will already be generated.

Currently, this is not the case, causing Plesk to start the certificate request by placing a file in .well-known/acme-challenge/
Of course, Let's Encrypt can not yet resolve to this, as the nameservers might not have propagated.

A work-around would be to know what the acme-challenge for DNS is, manually add it to the OLD dns zone of the OLD nameservers, causing it to be validated before all root DNS servers propagated to use the new namservers.

I initially tried it by using the "error message" acme-challenge and placing it in .well-known/acme-challenge/ on the OLD ftp, however that doesn't work as every time I try to request the certificate, it generates a new acme-challenge..

Does anybody have any idea on how I could overcome this issue?

Thanks in advance!
 
Back
Top