• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Letsencrypt is trying to validate www on subdomain even if www is turned off

M

Mike99

Basic Pleskian
Letsencrypt is trying to validate www subdomain on a subdomain without www, even when turned off and not used.

Settings:

Hosting settings> Preferred domain: selected without www
LetsEncrypt > Select what else can be secured Include a "www" subdomain for the domain and each selected alias: this is unchecked

Nothing has been touched for months in settings, I found this by accident resolving two other issues I have.

from /var/log/plesk/panel.log

[2018-10-12 05:09:03.034] ERR [extension/letsencrypt] Domain validation failed for www.subdomain.domain.com: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/f7X5ED-YfKcONPaMCYMwZohH3hG1TjRlXs_bsz-yS_E.
Details:
Type: urn:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up A for www.subdomain.domain.com

Using Plesk web pro edition, Version 17.8.11 Update #24.

I found this bug report, but not confirmed Forwarded to devs - Let'sEncrypt certificate creation fails for subdomain

Can anybody give me an instruction how to fix affected subdomains with non existend www subdomains? It is not nice that Plesk is assuming on creation of subdomain to secure both www and webmail by default (my problem is only with www, for some reason webmail is not complaining even when turned off), how can I make Plesk stop validating www subdomain on a subdomain?
 
Last edited:
Are you using the latest version of the Let's Encrypt extension and Plesk? I can't remember having seen this issue here.
 
Peter Debik said:
Are you using the latest version of the Let's Encrypt extension and Plesk? I can't remember having seen this issue here.
Click to expand...

Yes, using Using Plesk web pro edition, Version 17.8.11 Update #24.

The only difference is that I have added these subdomains as a separate domain in Plesk because they both run big multisite and I wanted to back up these separately. Both of the problematic domains have preferred domain set without www in Hosting settings.
 
If the "Include www subdomain" on the Let's Encrypt installation page is NOT checked, I'd say that this is a bug of the extension. There is no reason why the extension should add the www spelling of the domain to a certificate request. Maybe you should report this as a bug of the extension on Reports if it can be reproduced.
 
Hello for everyone with similar issues, I uninstalled LetsEncrypt extension from Plesk and installed it again, the problem disappeared, this means that during some upgrades of Plesk, because I am running always the latest version, some scripts were probably not updated.
 
It is an old post... but I recently ran into this problem with 1 of my subdomains:

I got no problems with issuing the certificate for "sub.domain.de" - BUT:
The problem is that the extension will attempt to "automatically fix the issues" every day and try to get a certificate for "www.sub.domain.de", too, resulting in an error...

Domain with the "www" prefix
www.sub.domain.de		 Not Secured
: The domain is not secured with a valid certificate. A valid certificate will be later automatically issued and installed.

My System:
Plesk Obsidian, Version 18.0.28 Update #3 on CentOS Linux 7.8.2003
Let's Encrypt, Version 2.11.0-639

- the sub-domain is setup in Plesk as a domain.
- in the hosting settings for the domain the preferred domain is set to "sub.domain.de" - without "www"
- the Let's Encrypt options for "securing wildcard domain", "include www" and "secure webmail" are un-checked.

I have already tried:
- deactivating, removing and re-installing the Let's Encrypt extension
- unassigning, deleting and re-issuing the certificate (before and after re-installing extension)

Any advise on what can be done do to solve the issue?

Thanks in advance!
MSZ
 
> Any advise on what can be done do to solve the issue?

I know you already tried unassigning and re-issuing, but that solved it for me. Update and then reboot your server, then try unassigning and re-issuing the certificate again (if you haven't already solved it).
 
Spaceman said:
> Any advise on what can be done do to solve the issue?

I know you already tried unassigning and re-issuing, but that solved it for me. Update and then reboot your server, then try unassigning and re-issuing the certificate again (if you haven't already solved it).
Click to expand...

Hi, thanks, appreciate your answer, yes, tried this with reboot etc. Still getting my daily mail stating the error... :(
 
You must log in or register to reply here.

Similar threads

M
Question Use LetsEncrypt extension to secure www subdomain only
Replies
3
Views
1K
NataliaA
N
M
Forwarded to devs Letsencrypt is trying to validate www on subdomain even if www is turned off
Replies
3
Views
863
Mike99
M
brainforge
Issue Letsencrypt: Missed domain names failed to pass validation emails
Replies
1
Views
1K
JulianDot
J
A
Resolved Let's Encrypt - SERVFAIL looking up CAA
Replies
3
Views
9K
Uraniumhazee
U
R
Issue LetsEncrypt "extend" command is no longer working: nginx configuration causes 404
Replies
0
Views
2K
ronv
R
Back
Top