
Resolved Let's Encrypt renewal - wildcard seems to want to use HTTP challenge

TomBoB

Silver Pleskian
Server operating system version: AlmaLinux 8.8 latest updates
Plesk version and microupdate number: Version 18.0.56 Update #1

Need help to pinpoint a Let's Encrypt renewal issue.

Please have a look at the image.

Trying to renew using a wildcard cert. Wildcard was not used prior.

Plesk in charge of DNS. A and AAAA records for website and mail are correct and point at the Plesk servers public IPv4 / IPv6. The new CloudFlare extension syncs DNS records (none proxied) to CF name server. That part also works. Domain registry points at the CF name servers.

In my understanding Plesk should create an _acme record for the cert, which is then added to Plesk DNS, which then syncs it to the CF name server. That creation of the _acme record doesn't happen. Instead it seems to be using the HTTP challenge.

I cannot figure out where the issue may lie. I seem to be missing something.

To me the error message indicates it is still using HTTP challenge instead of DNS challenge to validate.

Any help greatly appreciated.

Attachments: lets encrypt renewal issue.jpg
The HTTP challenge is still required, next to the DNS challenge, for issuing (and renewing) wildcard certificates. If I am not mistaken (but I might be wrong on this) the HTTP challenge is performed first, followed by the DNS challenge.
 
SOLUTION - without finding the actual root cause.

Quadruple checked that the name resolution works, for both IPv4 and IPv6. Fine.
Quadruple checked that the token file can be opened in a browser. Fine.
Quadruple checked permissions. Fine.
Checked all the config files I could find. Apparently Fine. Cross-checked with other servers as well.

Removed and reinstalled Let's Encrypt and SSL It!. Same problem.

All other servers, no issue. Just on this one specific server, this problem happens. To all domains. Including the server cert for the FQDN of the server.

Running out of ideas, I eventually decided to completely restart the server.
That did the trick!! All domains can get certs again. Both via HTTP and via DNS challenge.

Can't tell the root cause. But some service deep inside Plesk seemed to have hung itself.
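The checks described in this thread (is the _acme-challenge TXT record visible on both the Plesk DNS and the Cloudflare name server, and does the HTTP token path answer) can be scripted; the helper below is an added example, not code from Plesk or the SSL It! extension. It assumes `dig` (bind-utils) and `curl` are installed, and the nameserver, domain and token values are placeholders to replace with your own.

```shell
#!/usr/bin/env bash
# Added diagnostic helper for Let's Encrypt validation on a Plesk host.
# Not part of Plesk; assumes dig and curl are available on the server.

# The TXT record for a wildcard name *.example.com is published at
# _acme-challenge.example.com, not at _acme-challenge.*.example.com.
acme_txt_name() {
    local name="$1"
    name="${name#\*.}"            # strip a leading "*." if present
    printf '_acme-challenge.%s\n' "$name"
}

# Query a TXT record at one specific nameserver; prints values one per line.
txt_values_at() {
    local name="$1" ns="$2"
    dig +short @"$ns" "$name" TXT | tr -d '"'
}

# DNS-01: the record must exist in the local (Plesk) DNS *and* be identical
# on the authoritative nameserver the registrar points at (e.g. Cloudflare),
# because the CA only ever asks the authoritative server.
check_dns01() {
    local domain="$1" local_ns="$2" auth_ns="$3" rr a b
    rr="$(acme_txt_name "$domain")"
    a="$(txt_values_at "$rr" "$local_ns" | sort)"
    b="$(txt_values_at "$rr" "$auth_ns" | sort)"
    if [ -z "$a" ]; then echo "no TXT at $rr on $local_ns (record never created?)"; return 1; fi
    if [ "$a" != "$b" ]; then echo "TXT at $rr differs: $local_ns vs $auth_ns (sync lag?)"; return 1; fi
    echo "DNS-01 OK: $rr identical on $local_ns and $auth_ns"
}

# HTTP-01: the token must be served over plain HTTP on port 80 for the bare
# name; a redirect to HTTPS, a 403 or a 404 all make the CA fail validation.
check_http01() {
    local domain="$1" token="$2" code
    code="$(curl -s -o /dev/null -w '%{http_code}' \
            "http://${domain}/.well-known/acme-challenge/${token}")"
    [ "$code" = "200" ] && { echo "HTTP-01 OK: $code"; return 0; }
    echo "HTTP-01 FAIL: got HTTP $code"; return 1
}

# Placeholder usage (replace the names with your own):
#   check_dns01 "*.example.com" "127.0.0.1" "ns1.cloudflare-placeholder.invalid"
#   check_http01 "example.com" "TOKEN_PLACEHOLDER"
```

Run `check_dns01` right after triggering a renewal, while the TXT record is still published; if it passes on both servers and `check_http01` also returns 200 but issuance still fails, the problem is on the Plesk side rather than in DNS or the web server, which matches the "restart fixed it" outcome above.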