Question let's encrypt TXT record and nameserver-problem

[SiegbertG]

Server operating system version

Ubuntu 24.04

Plesk version and microupdate number

Plesk Obsidian Version 18.0.66

Hello,

I am using the plesk DNS bind and Plesk nameserver for a subdomain. To create a cetificate let's encrypt needs a TXT-record _acme-challenge.
For a new domain/subdomain I always have to create such a TXT in the adminitration-panel of the server (using the nameserver of the provider). If I create the TXT-record only in the Plesk DNS-settings I get a message, that there is a wrong TXT-record "google-site-verification" (that is from the domain, not from subdomain and is located in the DNS-settings of the provider) or that no _acme-challenge TXT record could be found.

What am I doing wrong here?

As a workaround I create the same subdomain in the providers panel, setup the TXT-record and delete the subdomain in the provider panel after getting the let's encrypt-certifcate. But I think this is not the way it schould work .

best regards
Siegbert

 

[Kaspar]

Your DNS setup isn't entirely clear to me, but it sounds like you're managing your DNS externally. If that's the case you'll (manually) need to add the TXT-record _acme-challenge to the external DNS.

Note that DNS verification for Let's Encrypt certificates is only needed when using the wildcard DNS option. If you re-issue a certificate in Plesk and disable the wildcard option the verification is done via HTTP.

 

[SiegbertG]

Thanks a lot - in most cases the wildcard option is not neccessary so I can disable it and use HTTP-verification.