• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Lets Encrypt renew problem - Type: urn:ietf:params:acme:error:unauthorized

V

ViaHosting

Basic Pleskian
The Lets Encrypt certificates hasn't renewed automatically.

When trying to renew manually, I got the following error:

Não foi possível emitir um certificado SSL/TLS para xtpo.com.
Detalhes
Não foi possível emitir um certificado Let's Encrypt SSL/TLS para xtpo.com. Autorização para o domínio falhou.
Detalhes
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/460xxxxxx.

Details:

Type: urn:ietf:params:acme:error:unauthorized

Status: 403

Detail: Incorrect TXT record "yTCcD5h3L2xg_R9SmJmbEqRbnXU36Z_o0rgnGVyo0qY" found at _acme-challenge.xtpo.com
Click to expand...


After investigating, I discovery that the problem is Lets Encrypt module is not updating DNS record.
If there is a "_acme-challenge" record, it is not update.
It there isn't a record, it's not created.

You can see on image 2-DNS.png, that the record "_acme-challenge" has the wrong value, even after the prior step (image 1-CERTIFICADO.png).

The problem starts on Plesk Obsidian 18.0.26.
Tried to upgrade to version 18.0.27, but the problem remains.

The temporarily soluction is update the DNS record manually, before continue the renew process.


Complementing the information:
In Linux versions, the problem is a little bit different.
The certificate isn't renewed automatically also,
but it works if you try manually.



------------------------------------------
SO: Microsoft Windows Server 2019
Produto: Plesk Obsidian
Versão 18.0.27, última atualização em 15/05/2020 17:37
 

Attachments

  • 1-CERTIFICADO.PNG
    1-CERTIFICADO.PNG
    82.1 KB · Views: 46
  • 2-DNS.PNG
    2-DNS.PNG
    8.4 KB · Views: 45
  • 3-ERRO.PNG
    3-ERRO.PNG
    53 KB · Views: 41
Last edited:
You must log in or register to reply here.

Similar threads

L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
S
Question let's encrypt TXT record and nameserver-problem
Replies
2
Views
598
SiegbertG
S
W
Question Wanted: Best practice for certificates (Lets Encrypt) two separate Plesk servers for www and mail
2
Replies
20
Views
2K
W4ru
W
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
2K
klowet
K
D
Question Renewing Let's encrypt automatically
Replies
6
Views
2K
iainh
I
Back
Top